11241100x80000000000000004276118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6f803c9542e3672022-01-04 14:18:15.459root 11241100x80000000000000004276119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79557e1de06fda22022-01-04 14:18:15.459root 11241100x80000000000000004276120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88acb1bb811e7082022-01-04 14:18:15.460root 11241100x80000000000000004276121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd501884df943e942022-01-04 14:18:15.460root 11241100x80000000000000004276122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cf51a9ae25b5d42022-01-04 14:18:15.460root 11241100x80000000000000004276123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f921bf982d743302022-01-04 14:18:15.460root 11241100x80000000000000004276124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7480ebb9e74e82c2022-01-04 14:18:15.460root 11241100x80000000000000004276125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54f1685da05e6f62022-01-04 14:18:15.460root 11241100x80000000000000004276126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02525cdc606e85c22022-01-04 14:18:15.460root 11241100x80000000000000004276127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad615a4b2f5d9a442022-01-04 14:18:15.461root 11241100x80000000000000004276128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90589aa0824fe7c62022-01-04 14:18:15.461root 11241100x80000000000000004276129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e2a13a207f2f142022-01-04 14:18:15.461root 11241100x80000000000000004276130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82da6b07dcabc7a2022-01-04 14:18:15.461root 11241100x80000000000000004276131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888e37786dfb1042022-01-04 14:18:15.461root 11241100x80000000000000004276132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d95ca09a8ca99502022-01-04 14:18:15.461root 11241100x80000000000000004276133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a22cc08cc845f32022-01-04 14:18:15.461root 11241100x80000000000000004276134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3575bb0436635fa2022-01-04 14:18:15.461root 11241100x80000000000000004276135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13295c85c9b75a5a2022-01-04 14:18:15.461root 11241100x80000000000000004276136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bf1885d596ec492022-01-04 14:18:15.461root 11241100x80000000000000004276137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e73eaa4c40beb22022-01-04 14:18:15.960root 11241100x80000000000000004276138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7bc9eee49e45f02022-01-04 14:18:15.960root 11241100x80000000000000004276139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224ba931864836ea2022-01-04 14:18:15.960root 11241100x80000000000000004276140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c770a0d0e227bd2022-01-04 14:18:15.960root 11241100x80000000000000004276141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b326ecafbabf4fb02022-01-04 14:18:15.960root 11241100x80000000000000004276142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86236dd5e112745b2022-01-04 14:18:15.960root 11241100x80000000000000004276143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de23cdf36bb81e42022-01-04 14:18:15.960root 11241100x80000000000000004276144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59393b14c7838cc72022-01-04 14:18:15.960root 11241100x80000000000000004276145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6667eea436f1432022-01-04 14:18:15.961root 11241100x80000000000000004276146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7459cdf077e319d2022-01-04 14:18:15.961root 11241100x80000000000000004276147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c00942a6c496e82022-01-04 14:18:15.961root 11241100x80000000000000004276148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bca4fca47d694ff2022-01-04 14:18:15.961root 11241100x80000000000000004276149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0506dbde82820aac2022-01-04 14:18:15.961root 11241100x80000000000000004276150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2862ac336900f82022-01-04 14:18:15.962root 11241100x80000000000000004276151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b1f50699e6356c2022-01-04 14:18:15.962root 11241100x80000000000000004276152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af64172436f5fc52022-01-04 14:18:15.962root 11241100x80000000000000004276153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6af2b55e8da6a5e2022-01-04 14:18:15.962root 11241100x80000000000000004276154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a85cd30885b5f12022-01-04 14:18:15.962root 11241100x80000000000000004276155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e1b95de24700162022-01-04 14:18:15.962root 11241100x80000000000000004276156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0122f34eb02ff87a2022-01-04 14:18:16.460root 11241100x80000000000000004276157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac7541a3a0cd5d02022-01-04 14:18:16.460root 11241100x80000000000000004276158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1272d3441aae60a82022-01-04 14:18:16.460root 11241100x80000000000000004276159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac5709ad10ca4172022-01-04 14:18:16.460root 11241100x80000000000000004276160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a703ab3d05f3662022-01-04 14:18:16.460root 11241100x80000000000000004276161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2b79005b5cc8982022-01-04 14:18:16.460root 11241100x80000000000000004276162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0893f4a69d2cb52022-01-04 14:18:16.460root 11241100x80000000000000004276163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154f325a97d48df02022-01-04 14:18:16.460root 11241100x80000000000000004276164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed7b86b97bc54292022-01-04 14:18:16.460root 11241100x80000000000000004276165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bce80082d5d6ae12022-01-04 14:18:16.460root 11241100x80000000000000004276166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22c0b7a9c7e81ec2022-01-04 14:18:16.460root 11241100x80000000000000004276167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ded1c097498b852022-01-04 14:18:16.460root 11241100x80000000000000004276168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87742e28d11445242022-01-04 14:18:16.460root 11241100x80000000000000004276169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100d84725156bf5e2022-01-04 14:18:16.461root 11241100x80000000000000004276170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8caf9ed27f76d52022-01-04 14:18:16.461root 11241100x80000000000000004276171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6c8eca8aa240802022-01-04 14:18:16.461root 11241100x80000000000000004276172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299dee1843f9374c2022-01-04 14:18:16.461root 11241100x80000000000000004276173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4883c4fbacfa5b2022-01-04 14:18:16.461root 11241100x80000000000000004276174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb0291edddb6ca02022-01-04 14:18:16.461root 11241100x80000000000000004276175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5ab81b127691f92022-01-04 14:18:16.959root 11241100x80000000000000004276176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3010e19dc2e07c2022-01-04 14:18:16.960root 11241100x80000000000000004276177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9a941b78288e7f2022-01-04 14:18:16.960root 11241100x80000000000000004276178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132c770769e23b982022-01-04 14:18:16.960root 11241100x80000000000000004276179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cfca85d7cb0d1b2022-01-04 14:18:16.960root 11241100x80000000000000004276180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f55a6fd704f0652022-01-04 14:18:16.960root 11241100x80000000000000004276181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78db9b87b03c03e2022-01-04 14:18:16.960root 11241100x80000000000000004276182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2556ab7b587ec4de2022-01-04 14:18:16.960root 11241100x80000000000000004276183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15bc93783b9ce8b2022-01-04 14:18:16.960root 11241100x80000000000000004276184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d0ed91ced5e1d62022-01-04 14:18:16.960root 11241100x80000000000000004276185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b619f1a29d09af2022-01-04 14:18:16.960root 11241100x80000000000000004276186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3a05f6132194fa2022-01-04 14:18:16.960root 11241100x80000000000000004276187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cd72587834a1162022-01-04 14:18:16.960root 11241100x80000000000000004276188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe94f4c2c93cac72022-01-04 14:18:16.961root 11241100x80000000000000004276189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2fe5258fff0622022-01-04 14:18:16.961root 11241100x80000000000000004276190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ce0a48414c480d2022-01-04 14:18:16.961root 11241100x80000000000000004276191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f050198db1f934f2022-01-04 14:18:16.961root 11241100x80000000000000004276192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931779bcd988d1312022-01-04 14:18:16.961root 11241100x80000000000000004276193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a49b51f6ee3f9572022-01-04 14:18:16.961root 11241100x80000000000000004276194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0420b94ef290011d2022-01-04 14:18:17.459root 11241100x80000000000000004276195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2125438d7ad4be6e2022-01-04 14:18:17.459root 11241100x80000000000000004276196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5952b2c800adcaf62022-01-04 14:18:17.460root 11241100x80000000000000004276197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed996b8bfcff1b62022-01-04 14:18:17.460root 11241100x80000000000000004276198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d8751b1d53f2b82022-01-04 14:18:17.460root 11241100x80000000000000004276199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c71f4b79f2616db2022-01-04 14:18:17.460root 11241100x80000000000000004276200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3356e2ac2626f8382022-01-04 14:18:17.460root 11241100x80000000000000004276201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc5e5a16800519a2022-01-04 14:18:17.460root 11241100x80000000000000004276202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc25dd5a88fe53d92022-01-04 14:18:17.460root 11241100x80000000000000004276203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3d9f0074d757d52022-01-04 14:18:17.460root 11241100x80000000000000004276204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32df0360fd2b35eb2022-01-04 14:18:17.460root 11241100x80000000000000004276205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4797e7034141a02022-01-04 14:18:17.460root 11241100x80000000000000004276206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8da35803762212a2022-01-04 14:18:17.461root 11241100x80000000000000004276207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56d8bc3b8d7064b2022-01-04 14:18:17.461root 11241100x80000000000000004276208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9292f643c56531fd2022-01-04 14:18:17.461root 11241100x80000000000000004276209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b53ffa665b17a2a2022-01-04 14:18:17.461root 11241100x80000000000000004276210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0a90e8f5e8ae1d2022-01-04 14:18:17.461root 11241100x80000000000000004276211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc7dade51f178fc2022-01-04 14:18:17.461root 11241100x80000000000000004276212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eca797751bc428c2022-01-04 14:18:17.461root 11241100x80000000000000004276213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910774ff2bf0e35e2022-01-04 14:18:17.960root 11241100x80000000000000004276214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a03c5e2662ad312022-01-04 14:18:17.960root 11241100x80000000000000004276215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d76ca952e99b8d2022-01-04 14:18:17.960root 11241100x80000000000000004276216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2341b41a8242241b2022-01-04 14:18:17.960root 11241100x80000000000000004276217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d876de1f15eeb502022-01-04 14:18:17.960root 11241100x80000000000000004276218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ab61c13ba85ba52022-01-04 14:18:17.960root 11241100x80000000000000004276219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eba9b7dd47be79c2022-01-04 14:18:17.960root 11241100x80000000000000004276220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f410af022c3ee42022-01-04 14:18:17.960root 11241100x80000000000000004276221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a62ec0c3cd81fe52022-01-04 14:18:17.960root 11241100x80000000000000004276222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091f3dc249e2e41c2022-01-04 14:18:17.960root 11241100x80000000000000004276223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7a8c169eebcf6a2022-01-04 14:18:17.960root 11241100x80000000000000004276224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4ec06edae86ab72022-01-04 14:18:17.961root 11241100x80000000000000004276225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e1965cc407a73f2022-01-04 14:18:17.961root 11241100x80000000000000004276226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4c6cb0655af6802022-01-04 14:18:17.961root 11241100x80000000000000004276227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716932f06b7589642022-01-04 14:18:17.961root 11241100x80000000000000004276228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb6f2ec9657a0b62022-01-04 14:18:17.961root 11241100x80000000000000004276229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1b037c9d73a4822022-01-04 14:18:17.961root 11241100x80000000000000004276230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfce4ba4dd2c8742022-01-04 14:18:17.961root 11241100x80000000000000004276231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f362e514bac4d5862022-01-04 14:18:17.961root 11241100x80000000000000004276232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae4fe6e31077d8f2022-01-04 14:18:18.459root 11241100x80000000000000004276233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d41041d24537782022-01-04 14:18:18.460root 11241100x80000000000000004276234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac358cf344c01fa2022-01-04 14:18:18.460root 11241100x80000000000000004276235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f30d796f4fd6ae2022-01-04 14:18:18.460root 11241100x80000000000000004276236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bd7b0078628de12022-01-04 14:18:18.460root 11241100x80000000000000004276237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a21a65cf37c9aac2022-01-04 14:18:18.460root 11241100x80000000000000004276238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961b15b6b68e8fa82022-01-04 14:18:18.460root 11241100x80000000000000004276239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1a0d8189f7e4d52022-01-04 14:18:18.460root 11241100x80000000000000004276240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e40d3ebf699bb6c2022-01-04 14:18:18.460root 11241100x80000000000000004276241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2141e5cc29c3b5092022-01-04 14:18:18.460root 11241100x80000000000000004276242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d351ac5643f0c4b62022-01-04 14:18:18.461root 11241100x80000000000000004276243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bd0d9406a5ad232022-01-04 14:18:18.461root 11241100x80000000000000004276244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde209ed445f43c02022-01-04 14:18:18.461root 11241100x80000000000000004276245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb39c008e0d7c1c2022-01-04 14:18:18.461root 11241100x80000000000000004276246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8acc84bf4488d0c2022-01-04 14:18:18.461root 11241100x80000000000000004276247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc082dd13ac6371e2022-01-04 14:18:18.461root 11241100x80000000000000004276248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af5287f7c0b82672022-01-04 14:18:18.461root 11241100x80000000000000004276249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b0406bd143baa52022-01-04 14:18:18.461root 11241100x80000000000000004276250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca816727776dc472022-01-04 14:18:18.462root 11241100x80000000000000004276251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6892cab569b60f182022-01-04 14:18:18.960root 11241100x80000000000000004276252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c5dec7bb9a5fdd2022-01-04 14:18:18.960root 11241100x80000000000000004276253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc93986fd932dd62022-01-04 14:18:18.960root 11241100x80000000000000004276254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8917e4fd905e1c2022-01-04 14:18:18.960root 11241100x80000000000000004276255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2aeef02e9a80772022-01-04 14:18:18.960root 11241100x80000000000000004276256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181e39fa3f100a892022-01-04 14:18:18.960root 11241100x80000000000000004276257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0ae273eeb81e4c2022-01-04 14:18:18.960root 11241100x80000000000000004276258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfe068d6734a1f02022-01-04 14:18:18.960root 11241100x80000000000000004276259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92c5af57f695d482022-01-04 14:18:18.960root 11241100x80000000000000004276260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12439a53c5025b842022-01-04 14:18:18.960root 11241100x80000000000000004276261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fab0fb67e82e08b2022-01-04 14:18:18.960root 11241100x80000000000000004276262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbdaa22b076c32e2022-01-04 14:18:18.960root 11241100x80000000000000004276263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15b86980605436e2022-01-04 14:18:18.960root 11241100x80000000000000004276264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e162fcbf8530fd2022-01-04 14:18:18.961root 11241100x80000000000000004276265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe11f500a9288922022-01-04 14:18:18.961root 11241100x80000000000000004276266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653802fea1d5c9f42022-01-04 14:18:18.961root 11241100x80000000000000004276267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10648a79bed1ce802022-01-04 14:18:18.961root 11241100x80000000000000004276268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e80a24dd5fb4e442022-01-04 14:18:18.961root 11241100x80000000000000004276269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2ba49a880dfa6e2022-01-04 14:18:18.961root 11241100x80000000000000004276270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68959eeea9c3a38e2022-01-04 14:18:19.460root 11241100x80000000000000004276271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac309019ed4090902022-01-04 14:18:19.460root 11241100x80000000000000004276272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d891613f38bf357b2022-01-04 14:18:19.460root 11241100x80000000000000004276273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d7ae5c65ea83a42022-01-04 14:18:19.460root 11241100x80000000000000004276274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365d710718c32302022-01-04 14:18:19.460root 11241100x80000000000000004276275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c444ef67d1a1532022-01-04 14:18:19.460root 11241100x80000000000000004276276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f72a269ef4ec0e62022-01-04 14:18:19.460root 11241100x80000000000000004276277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5484bd092b9212ac2022-01-04 14:18:19.460root 11241100x80000000000000004276278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193ebd5f5262f62c2022-01-04 14:18:19.460root 11241100x80000000000000004276279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7249f7372ed632022-01-04 14:18:19.460root 11241100x80000000000000004276280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be00a04b68bbc192022-01-04 14:18:19.460root 11241100x80000000000000004276281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff5040b3fccb76c2022-01-04 14:18:19.461root 11241100x80000000000000004276282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57b8120e4d276712022-01-04 14:18:19.461root 11241100x80000000000000004276283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d32205e5912bef2022-01-04 14:18:19.461root 11241100x80000000000000004276284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e16edf2799bead2022-01-04 14:18:19.461root 11241100x80000000000000004276285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7412777549356e9f2022-01-04 14:18:19.461root 11241100x80000000000000004276286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1d2318cd695a6c2022-01-04 14:18:19.461root 11241100x80000000000000004276287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e80cc62b9573f7a2022-01-04 14:18:19.461root 11241100x80000000000000004276288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9daa379531436a12022-01-04 14:18:19.461root 11241100x80000000000000004276289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22b26dae374ed942022-01-04 14:18:19.959root 11241100x80000000000000004276290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982a8e394979f972022-01-04 14:18:19.959root 11241100x80000000000000004276291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7072fde850f4dc42022-01-04 14:18:19.959root 11241100x80000000000000004276292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c4d0823ac3dc02022-01-04 14:18:19.959root 11241100x80000000000000004276293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199a20b269789d182022-01-04 14:18:19.960root 11241100x80000000000000004276294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a9fadf33015bad2022-01-04 14:18:19.960root 11241100x80000000000000004276295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903f128746b0b1292022-01-04 14:18:19.960root 11241100x80000000000000004276296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417bc1ca665ba11f2022-01-04 14:18:19.960root 11241100x80000000000000004276297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdfc4071ecc39cd2022-01-04 14:18:19.960root 11241100x80000000000000004276298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efff2221c5562ff2022-01-04 14:18:19.960root 11241100x80000000000000004276299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fda60c5f1839992022-01-04 14:18:19.960root 11241100x80000000000000004276300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1540bf993c3a0d7c2022-01-04 14:18:19.961root 11241100x80000000000000004276301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014f2bb38c2b188e2022-01-04 14:18:19.961root 11241100x80000000000000004276302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afe631b581a687e2022-01-04 14:18:19.961root 11241100x80000000000000004276303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a2b7547f2f8d3a2022-01-04 14:18:19.961root 11241100x80000000000000004276304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79e77cd272a805b2022-01-04 14:18:19.961root 11241100x80000000000000004276305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73db291dfdd2c7c2022-01-04 14:18:19.961root 11241100x80000000000000004276306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2193c11de0b3122022-01-04 14:18:19.961root 11241100x80000000000000004276307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e38a1b9371025d62022-01-04 14:18:19.962root 354300x80000000000000004276308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.032{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41498-false10.0.1.12-8000- 11241100x80000000000000004276309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c390ba15e8f00f2022-01-04 14:18:20.459root 11241100x80000000000000004276310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd903c83e469cab2022-01-04 14:18:20.459root 11241100x80000000000000004276311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6a03e8c2f5f4432022-01-04 14:18:20.460root 11241100x80000000000000004276312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59e30feb82f29272022-01-04 14:18:20.460root 11241100x80000000000000004276313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb01319eec9cd492022-01-04 14:18:20.460root 11241100x80000000000000004276314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b4ee8abc996d552022-01-04 14:18:20.460root 11241100x80000000000000004276315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50504ca3c4cd4b362022-01-04 14:18:20.460root 11241100x80000000000000004276316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97283734d8e152852022-01-04 14:18:20.460root 11241100x80000000000000004276317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1c633aa7075d702022-01-04 14:18:20.461root 11241100x80000000000000004276318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc81545b5562982022-01-04 14:18:20.461root 11241100x80000000000000004276319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033d1dfcdadef3c22022-01-04 14:18:20.461root 11241100x80000000000000004276320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08386479c696da452022-01-04 14:18:20.461root 11241100x80000000000000004276321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f27b8cae30584de2022-01-04 14:18:20.461root 11241100x80000000000000004276322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d6f9b20315a7102022-01-04 14:18:20.461root 11241100x80000000000000004276323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe9abdc1c57de4f2022-01-04 14:18:20.461root 11241100x80000000000000004276324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012ad816b189ff822022-01-04 14:18:20.461root 11241100x80000000000000004276325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29640a4be0e6f8fc2022-01-04 14:18:20.461root 11241100x80000000000000004276326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691043ac2cd3f07a2022-01-04 14:18:20.461root 11241100x80000000000000004276327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e89401e75b6a27b2022-01-04 14:18:20.461root 11241100x80000000000000004276328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aac192cabd2f362022-01-04 14:18:20.462root 11241100x80000000000000004276329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c811caa4697733f2022-01-04 14:18:20.462root 11241100x80000000000000004276330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be08caf06cd3901b2022-01-04 14:18:20.959root 11241100x80000000000000004276331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab155adbf20ffc1a2022-01-04 14:18:20.960root 11241100x80000000000000004276332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633010f662504c002022-01-04 14:18:20.960root 11241100x80000000000000004276333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52970d988ae57bb2022-01-04 14:18:20.960root 11241100x80000000000000004276334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9abf8370712300e2022-01-04 14:18:20.960root 11241100x80000000000000004276335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f3d40849c4c5892022-01-04 14:18:20.961root 11241100x80000000000000004276336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d46f4bd3239dda2022-01-04 14:18:20.961root 11241100x80000000000000004276337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91665db38f5194e2022-01-04 14:18:20.961root 11241100x80000000000000004276338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dff03f79d890712022-01-04 14:18:20.961root 11241100x80000000000000004276339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb161189559a732022-01-04 14:18:20.961root 11241100x80000000000000004276340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4797ce52df350d962022-01-04 14:18:20.961root 11241100x80000000000000004276341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e894bec5ce31f62022-01-04 14:18:20.961root 11241100x80000000000000004276342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f845791801af6df22022-01-04 14:18:20.961root 11241100x80000000000000004276343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3cea745e791efd2022-01-04 14:18:20.961root 11241100x80000000000000004276344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcb53323fed31fc2022-01-04 14:18:20.961root 11241100x80000000000000004276345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c103af0c47dff2d32022-01-04 14:18:20.961root 11241100x80000000000000004276346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39363b6e148d1db42022-01-04 14:18:20.961root 11241100x80000000000000004276347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834e8ba90366a21f2022-01-04 14:18:20.962root 11241100x80000000000000004276348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380647f9cb8b86db2022-01-04 14:18:20.962root 11241100x80000000000000004276349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d01d142f44241de2022-01-04 14:18:20.962root 11241100x80000000000000004276350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7e99561dd6f0202022-01-04 14:18:21.460root 11241100x80000000000000004276351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8274115160c2596d2022-01-04 14:18:21.460root 11241100x80000000000000004276352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4568a65e2d4447d42022-01-04 14:18:21.460root 11241100x80000000000000004276353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b870736ed9187d2022-01-04 14:18:21.460root 11241100x80000000000000004276354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acff1829f4191a902022-01-04 14:18:21.460root 11241100x80000000000000004276355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e3ed9f3c06c8a62022-01-04 14:18:21.461root 11241100x80000000000000004276356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad083cdb6007676d2022-01-04 14:18:21.461root 11241100x80000000000000004276357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1639ea344683ddd22022-01-04 14:18:21.461root 11241100x80000000000000004276358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb32fe08dc80c942022-01-04 14:18:21.461root 11241100x80000000000000004276359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0730a5661dea3efb2022-01-04 14:18:21.461root 11241100x80000000000000004276360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649be4906da761042022-01-04 14:18:21.462root 11241100x80000000000000004276361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc5eee1d25010252022-01-04 14:18:21.462root 11241100x80000000000000004276362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1f4a597947c6382022-01-04 14:18:21.462root 11241100x80000000000000004276363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1b17d3d066edcc2022-01-04 14:18:21.462root 11241100x80000000000000004276364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b13938c9bc5380f2022-01-04 14:18:21.462root 11241100x80000000000000004276365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1075f81bd489442022-01-04 14:18:21.462root 11241100x80000000000000004276366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9bb120abf2a9052022-01-04 14:18:21.462root 11241100x80000000000000004276367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953900afd52a56142022-01-04 14:18:21.463root 11241100x80000000000000004276368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ea726ec79a08852022-01-04 14:18:21.463root 11241100x80000000000000004276369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8106c67a83ecca142022-01-04 14:18:21.463root 11241100x80000000000000004276370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff923edb6fde06e2022-01-04 14:18:21.959root 11241100x80000000000000004276371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178f706cd8c35f2a2022-01-04 14:18:21.960root 11241100x80000000000000004276372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1645004aa0a59ba2022-01-04 14:18:21.960root 11241100x80000000000000004276373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca88ebc81c0c75b2022-01-04 14:18:21.960root 11241100x80000000000000004276374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ecf1874a164c922022-01-04 14:18:21.960root 11241100x80000000000000004276375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730a3b8d1a35c5202022-01-04 14:18:21.960root 11241100x80000000000000004276376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927aabd76f00dfda2022-01-04 14:18:21.960root 11241100x80000000000000004276377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408f54063dce910f2022-01-04 14:18:21.960root 11241100x80000000000000004276378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b84f7186c1c3912022-01-04 14:18:21.960root 11241100x80000000000000004276379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb217dcfe8de09b2022-01-04 14:18:21.960root 11241100x80000000000000004276380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957a4f450815af282022-01-04 14:18:21.960root 11241100x80000000000000004276381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffad64e735d57e32022-01-04 14:18:21.960root 11241100x80000000000000004276382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b0f55da19aa3242022-01-04 14:18:21.960root 11241100x80000000000000004276383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fa3488298025b62022-01-04 14:18:21.960root 11241100x80000000000000004276384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04601b768f6aa2182022-01-04 14:18:21.960root 11241100x80000000000000004276385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ac2c8fee848e332022-01-04 14:18:21.961root 11241100x80000000000000004276386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5d58d4e2b94bdb2022-01-04 14:18:21.961root 11241100x80000000000000004276387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1ac819a08df1ac2022-01-04 14:18:21.961root 11241100x80000000000000004276388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98c3ce216a788a92022-01-04 14:18:21.961root 11241100x80000000000000004276389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593aaea2806a77502022-01-04 14:18:21.961root 11241100x80000000000000004276390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d4d7dc069799c52022-01-04 14:18:22.460root 11241100x80000000000000004276391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd5f34ca5060f02022-01-04 14:18:22.460root 11241100x80000000000000004276392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515380cbdf96df1e2022-01-04 14:18:22.460root 11241100x80000000000000004276393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d16bbc62144c362022-01-04 14:18:22.460root 11241100x80000000000000004276394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4b8b2795a01c012022-01-04 14:18:22.460root 11241100x80000000000000004276395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9d259b38c7fbfa2022-01-04 14:18:22.460root 11241100x80000000000000004276396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4f8bed78b0790c2022-01-04 14:18:22.460root 11241100x80000000000000004276397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62aa9ab2394d3732022-01-04 14:18:22.460root 11241100x80000000000000004276398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126d455aa3b72bac2022-01-04 14:18:22.460root 11241100x80000000000000004276399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ce621bdfd2c5612022-01-04 14:18:22.460root 11241100x80000000000000004276400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c97fd9f4c8964b2022-01-04 14:18:22.460root 11241100x80000000000000004276401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636539524fc1772f2022-01-04 14:18:22.460root 11241100x80000000000000004276402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8e95e7caf26bf52022-01-04 14:18:22.461root 11241100x80000000000000004276403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c4708cff5f80812022-01-04 14:18:22.461root 11241100x80000000000000004276404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88423871a6411b7c2022-01-04 14:18:22.461root 11241100x80000000000000004276405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c9d3c8a10a62352022-01-04 14:18:22.461root 11241100x80000000000000004276406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1234dd10c579cdf52022-01-04 14:18:22.461root 11241100x80000000000000004276407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23822bdfc6b3fe882022-01-04 14:18:22.461root 11241100x80000000000000004276408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e999d8c1b5082c6f2022-01-04 14:18:22.461root 11241100x80000000000000004276409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96056de162f12fc92022-01-04 14:18:22.461root 11241100x80000000000000004276410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7055f89bbf9ccacc2022-01-04 14:18:22.960root 11241100x80000000000000004276411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67212cb61c955132022-01-04 14:18:22.960root 11241100x80000000000000004276412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a081bcd25b399a2022-01-04 14:18:22.960root 11241100x80000000000000004276413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd35a416d1ae7b62022-01-04 14:18:22.960root 11241100x80000000000000004276414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365c6a4e11271e02022-01-04 14:18:22.960root 11241100x80000000000000004276415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96dfe8105e8c6102022-01-04 14:18:22.960root 11241100x80000000000000004276416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7007794bafed34262022-01-04 14:18:22.960root 11241100x80000000000000004276417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35fe7155ff719662022-01-04 14:18:22.960root 11241100x80000000000000004276418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72525a49eb9570932022-01-04 14:18:22.960root 11241100x80000000000000004276419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba827078e4db56dd2022-01-04 14:18:22.960root 11241100x80000000000000004276420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f787a16cc19f69822022-01-04 14:18:22.961root 11241100x80000000000000004276421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b67c9d6fa1564032022-01-04 14:18:22.961root 11241100x80000000000000004276422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb506fb9a2b632002022-01-04 14:18:22.961root 11241100x80000000000000004276423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a217d36c8fc5c7b02022-01-04 14:18:22.961root 11241100x80000000000000004276424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621dfb6dbdc6833e2022-01-04 14:18:22.961root 11241100x80000000000000004276425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f7978c84e837c62022-01-04 14:18:22.961root 11241100x80000000000000004276426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20c9a36e9d8e9d2022-01-04 14:18:22.961root 11241100x80000000000000004276427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35941bb9935e933f2022-01-04 14:18:22.961root 11241100x80000000000000004276428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da5361b22247cfa2022-01-04 14:18:22.961root 11241100x80000000000000004276429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c998ede2159048642022-01-04 14:18:22.961root 11241100x80000000000000004276430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88da97acd7a29f872022-01-04 14:18:23.460root 11241100x80000000000000004276431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a543500524f4222022-01-04 14:18:23.460root 11241100x80000000000000004276432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122902a84c1c14cc2022-01-04 14:18:23.460root 11241100x80000000000000004276433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf63601a4deddd712022-01-04 14:18:23.460root 11241100x80000000000000004276434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91ea1392ad4671c2022-01-04 14:18:23.460root 11241100x80000000000000004276435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b026f6739278db642022-01-04 14:18:23.460root 11241100x80000000000000004276436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953e41462d3e0a7e2022-01-04 14:18:23.460root 11241100x80000000000000004276437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287f193f53b84aab2022-01-04 14:18:23.460root 11241100x80000000000000004276438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffc4d25043f12f72022-01-04 14:18:23.460root 11241100x80000000000000004276439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e58da96e0f6cd02022-01-04 14:18:23.460root 11241100x80000000000000004276440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c93fdbd6b5666482022-01-04 14:18:23.460root 11241100x80000000000000004276441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1df8ef3cc006b52022-01-04 14:18:23.460root 11241100x80000000000000004276442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb52381152d7f8812022-01-04 14:18:23.460root 11241100x80000000000000004276443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a89ac93130f9e672022-01-04 14:18:23.461root 11241100x80000000000000004276444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd34d5c75ab146892022-01-04 14:18:23.461root 11241100x80000000000000004276445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042d3c96a1ece2d92022-01-04 14:18:23.461root 11241100x80000000000000004276446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ce18974ace6da92022-01-04 14:18:23.461root 11241100x80000000000000004276447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429cd8a281aac82e2022-01-04 14:18:23.461root 11241100x80000000000000004276448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7660251588f62d2a2022-01-04 14:18:23.461root 11241100x80000000000000004276449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b690eec6ca10b892022-01-04 14:18:23.461root 11241100x80000000000000004276450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e082c798795b302022-01-04 14:18:23.959root 11241100x80000000000000004276451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2bb80284e361342022-01-04 14:18:23.959root 11241100x80000000000000004276452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb5e1835ff9125c2022-01-04 14:18:23.959root 11241100x80000000000000004276453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ecfd5aba5a87402022-01-04 14:18:23.959root 11241100x80000000000000004276454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32e4fa4639487bc2022-01-04 14:18:23.959root 11241100x80000000000000004276455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba725975193e0c962022-01-04 14:18:23.960root 11241100x80000000000000004276456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f2a30143b5d7ff2022-01-04 14:18:23.960root 11241100x80000000000000004276457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a78ddde2f0b3d282022-01-04 14:18:23.960root 11241100x80000000000000004276458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22b9fe2ed6381242022-01-04 14:18:23.960root 11241100x80000000000000004276459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cf08ee331f080a2022-01-04 14:18:23.960root 11241100x80000000000000004276460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca32d4e231eae7672022-01-04 14:18:23.960root 11241100x80000000000000004276461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffde575be18c3362022-01-04 14:18:23.960root 11241100x80000000000000004276462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3767a7b53c3c80fc2022-01-04 14:18:23.960root 11241100x80000000000000004276463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeee24a901d50e022022-01-04 14:18:23.960root 11241100x80000000000000004276464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063e1e4f4e7866822022-01-04 14:18:23.960root 11241100x80000000000000004276465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7265000e46c541fb2022-01-04 14:18:23.960root 11241100x80000000000000004276466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33caf4f787135e92022-01-04 14:18:23.960root 11241100x80000000000000004276467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e6619a2f5853442022-01-04 14:18:23.960root 11241100x80000000000000004276468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf64556ad0c5d412022-01-04 14:18:23.960root 11241100x80000000000000004276469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df06522a9a95b6c2022-01-04 14:18:23.961root 11241100x80000000000000004276470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96c2a353c62c91e2022-01-04 14:18:23.961root 11241100x80000000000000004276471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b11d1b7ae5260a2022-01-04 14:18:24.459root 11241100x80000000000000004276472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1beb06e9cf57702022-01-04 14:18:24.459root 11241100x80000000000000004276473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d1311055ebdf682022-01-04 14:18:24.460root 11241100x80000000000000004276474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71847b5df5b08802022-01-04 14:18:24.460root 11241100x80000000000000004276475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1d382702e98afd2022-01-04 14:18:24.460root 11241100x80000000000000004276476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fc0842bf389ee92022-01-04 14:18:24.460root 11241100x80000000000000004276477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29909c3d84e7174b2022-01-04 14:18:24.460root 11241100x80000000000000004276478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7a4ac29be5f8ad2022-01-04 14:18:24.460root 11241100x80000000000000004276479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4b2fe858431c0d2022-01-04 14:18:24.460root 11241100x80000000000000004276480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea14f43360101202022-01-04 14:18:24.460root 11241100x80000000000000004276481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291d862114dc946b2022-01-04 14:18:24.460root 11241100x80000000000000004276482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1081a6c2144ab27a2022-01-04 14:18:24.460root 11241100x80000000000000004276483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39feb1991ba36b492022-01-04 14:18:24.460root 11241100x80000000000000004276484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fafb4b58020d9c2022-01-04 14:18:24.460root 11241100x80000000000000004276485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825412d5c2c4feb22022-01-04 14:18:24.460root 11241100x80000000000000004276486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f8e3db3150fbd72022-01-04 14:18:24.461root 11241100x80000000000000004276487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aaf7c8779acf002022-01-04 14:18:24.461root 11241100x80000000000000004276488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ae81b60e8ea2e02022-01-04 14:18:24.461root 11241100x80000000000000004276489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2808c020b553d482022-01-04 14:18:24.461root 11241100x80000000000000004276490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826d675f43689c262022-01-04 14:18:24.461root 11241100x80000000000000004276491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae1a6eb75f3d4662022-01-04 14:18:24.960root 11241100x80000000000000004276492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcba3d9f85a94062022-01-04 14:18:24.960root 11241100x80000000000000004276493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d4bc8fec048b882022-01-04 14:18:24.960root 11241100x80000000000000004276494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7646823ad691cd8b2022-01-04 14:18:24.960root 11241100x80000000000000004276495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24a958c856a4c002022-01-04 14:18:24.960root 11241100x80000000000000004276496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8c91e8abafff712022-01-04 14:18:24.960root 11241100x80000000000000004276497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f090567a559da2d2022-01-04 14:18:24.960root 11241100x80000000000000004276498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9f38f0cdda8e7e2022-01-04 14:18:24.960root 11241100x80000000000000004276499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6cd645e26f8b982022-01-04 14:18:24.960root 11241100x80000000000000004276500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c601219440b94e2022-01-04 14:18:24.960root 11241100x80000000000000004276501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a12e77511ac324e2022-01-04 14:18:24.960root 11241100x80000000000000004276502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4608ac1fb6341d2022-01-04 14:18:24.960root 11241100x80000000000000004276503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b585d0e3d89e2b2022-01-04 14:18:24.961root 11241100x80000000000000004276504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e58d8c29103c742022-01-04 14:18:24.961root 11241100x80000000000000004276505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bc1854cd4a18742022-01-04 14:18:24.961root 11241100x80000000000000004276506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c24c787d23aed2022-01-04 14:18:24.961root 11241100x80000000000000004276507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad6e5ab6eab3cc52022-01-04 14:18:24.961root 11241100x80000000000000004276508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfc57486bed79002022-01-04 14:18:24.961root 11241100x80000000000000004276509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13045892ff65a5d2022-01-04 14:18:24.961root 11241100x80000000000000004276510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5746e8e3f7dc3cbc2022-01-04 14:18:24.961root 354300x80000000000000004276511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.245{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41500-false10.0.1.12-8000- 11241100x80000000000000004276512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c14ecb54d3b1f92022-01-04 14:18:25.246root 11241100x80000000000000004276513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc3762036998ac32022-01-04 14:18:25.246root 11241100x80000000000000004276514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a539ab06c5aebf442022-01-04 14:18:25.246root 11241100x80000000000000004276515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f49f2007917a2e2022-01-04 14:18:25.246root 11241100x80000000000000004276516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78336333fbd533e2022-01-04 14:18:25.246root 11241100x80000000000000004276517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51e041a3d6f6cf62022-01-04 14:18:25.247root 11241100x80000000000000004276518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3dac3de34105f72022-01-04 14:18:25.247root 11241100x80000000000000004276519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0e97b2fc5ee9342022-01-04 14:18:25.247root 11241100x80000000000000004276520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2883168d054ce2302022-01-04 14:18:25.247root 11241100x80000000000000004276521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9470ad45e226052022-01-04 14:18:25.247root 11241100x80000000000000004276522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aa12e4471455a62022-01-04 14:18:25.247root 11241100x80000000000000004276523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4aeaa768e35ee02022-01-04 14:18:25.247root 11241100x80000000000000004276524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9151dba8da47bc32022-01-04 14:18:25.247root 11241100x80000000000000004276525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f03f884c2400c12022-01-04 14:18:25.247root 11241100x80000000000000004276526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d32089c61c4c5c2022-01-04 14:18:25.247root 11241100x80000000000000004276527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4815d74714843bbe2022-01-04 14:18:25.247root 11241100x80000000000000004276528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79ac4facc7bd6162022-01-04 14:18:25.247root 11241100x80000000000000004276529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8a2844226ceea82022-01-04 14:18:25.247root 11241100x80000000000000004276530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5006c6cc5ee07a22022-01-04 14:18:25.248root 11241100x80000000000000004276531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a822543c52afb34c2022-01-04 14:18:25.248root 11241100x80000000000000004276532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea987e4a67e2ce72022-01-04 14:18:25.248root 11241100x80000000000000004276533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a5a6afb94acbab2022-01-04 14:18:25.248root 11241100x80000000000000004276534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c398e3fea8e38bf42022-01-04 14:18:25.248root 11241100x80000000000000004276535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1bffe5e37d02e52022-01-04 14:18:25.248root 11241100x80000000000000004276536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051f7301b32869332022-01-04 14:18:25.711root 11241100x80000000000000004276537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cface889e3cb662022-01-04 14:18:25.711root 11241100x80000000000000004276538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff7042b7ebebd3f2022-01-04 14:18:25.711root 11241100x80000000000000004276539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc46559cd71beb02022-01-04 14:18:25.711root 11241100x80000000000000004276540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce21d8b1fabb1a402022-01-04 14:18:25.711root 11241100x80000000000000004276541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75dae974f92547f2022-01-04 14:18:25.711root 11241100x80000000000000004276542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2716cfb0f1e0532b2022-01-04 14:18:25.711root 11241100x80000000000000004276543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aecdc6eef79ac462022-01-04 14:18:25.711root 11241100x80000000000000004276544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ae1093830efb7e2022-01-04 14:18:25.711root 11241100x80000000000000004276545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8802c593ba09d92022-01-04 14:18:25.712root 11241100x80000000000000004276546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a85d982a159be1c2022-01-04 14:18:25.712root 11241100x80000000000000004276547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd587377eaa43c52022-01-04 14:18:25.712root 11241100x80000000000000004276548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8e7846ea0a59312022-01-04 14:18:25.712root 11241100x80000000000000004276549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e76ca7adcaac8912022-01-04 14:18:25.712root 11241100x80000000000000004276550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6338af29bd452b2022-01-04 14:18:25.712root 11241100x80000000000000004276551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c17778d990b92cb2022-01-04 14:18:25.712root 11241100x80000000000000004276552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9a8b414a935c942022-01-04 14:18:25.712root 11241100x80000000000000004276553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4066c8bee473dca2022-01-04 14:18:25.713root 11241100x80000000000000004276554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163fe2fc734f7dfc2022-01-04 14:18:25.713root 11241100x80000000000000004276555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a53b4fd662fd6562022-01-04 14:18:25.713root 11241100x80000000000000004276556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd3b4fe523a1e3a2022-01-04 14:18:25.713root 11241100x80000000000000004276557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009615a50da8a9a82022-01-04 14:18:26.210root 11241100x80000000000000004276558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd65996bb0f4ea002022-01-04 14:18:26.210root 11241100x80000000000000004276559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a719908b18da3042022-01-04 14:18:26.210root 11241100x80000000000000004276560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fbd0444980207f2022-01-04 14:18:26.210root 11241100x80000000000000004276561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411798067bd264eb2022-01-04 14:18:26.210root 11241100x80000000000000004276562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16af79dd18e25a42022-01-04 14:18:26.210root 11241100x80000000000000004276563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330d6004a60f3de32022-01-04 14:18:26.210root 11241100x80000000000000004276564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe7bea9b850a532022-01-04 14:18:26.210root 11241100x80000000000000004276565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172385a4488d2d1f2022-01-04 14:18:26.210root 11241100x80000000000000004276566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c552ae612279842022-01-04 14:18:26.210root 11241100x80000000000000004276567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467ae5fc318e5e0f2022-01-04 14:18:26.210root 11241100x80000000000000004276568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3011fb0857419482022-01-04 14:18:26.211root 11241100x80000000000000004276569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ea7e3267f887bd2022-01-04 14:18:26.211root 11241100x80000000000000004276570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c26c2508a726832022-01-04 14:18:26.211root 11241100x80000000000000004276571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a8c8c4e6e886902022-01-04 14:18:26.211root 11241100x80000000000000004276572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9115f42966d101122022-01-04 14:18:26.211root 11241100x80000000000000004276573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce3a407cfc288ea2022-01-04 14:18:26.211root 11241100x80000000000000004276574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04bf2ebb29ea2602022-01-04 14:18:26.211root 11241100x80000000000000004276575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad931edcf8566a92022-01-04 14:18:26.211root 11241100x80000000000000004276576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a742c6fbae5ce392022-01-04 14:18:26.211root 11241100x80000000000000004276577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e887a562b873f04a2022-01-04 14:18:26.211root 11241100x80000000000000004276578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446704b01b0b700a2022-01-04 14:18:26.710root 11241100x80000000000000004276579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a207f4aab5742092022-01-04 14:18:26.710root 11241100x80000000000000004276580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80609fc679c4c07c2022-01-04 14:18:26.710root 11241100x80000000000000004276581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671552b2cb5f07922022-01-04 14:18:26.710root 11241100x80000000000000004276582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6976e3034449c0bd2022-01-04 14:18:26.711root 11241100x80000000000000004276583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1189970c135efa42022-01-04 14:18:26.711root 11241100x80000000000000004276584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72293e56232c8722022-01-04 14:18:26.711root 11241100x80000000000000004276585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760a9bcffc7f1f802022-01-04 14:18:26.711root 11241100x80000000000000004276586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e911d24b71f5152022-01-04 14:18:26.711root 11241100x80000000000000004276587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912d87390911b46a2022-01-04 14:18:26.711root 11241100x80000000000000004276588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebc11ddbeef7f422022-01-04 14:18:26.711root 11241100x80000000000000004276589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7a1f8268ee30662022-01-04 14:18:26.712root 11241100x80000000000000004276590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc236f4e0b5d4102022-01-04 14:18:26.712root 11241100x80000000000000004276591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c334b1dd32cd967d2022-01-04 14:18:26.712root 11241100x80000000000000004276592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5e43325be32e432022-01-04 14:18:26.712root 11241100x80000000000000004276593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e9c9502e25503b2022-01-04 14:18:26.712root 11241100x80000000000000004276594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7fe8a247387ed72022-01-04 14:18:26.712root 11241100x80000000000000004276595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d63c50984f209872022-01-04 14:18:26.712root 11241100x80000000000000004276596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ceada708f73f3f92022-01-04 14:18:26.712root 11241100x80000000000000004276597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9a046e07dcd8442022-01-04 14:18:26.712root 11241100x80000000000000004276598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aa13b6900883502022-01-04 14:18:26.713root 354300x80000000000000004276599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.131{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41982-false10.0.1.12-8089- 11241100x80000000000000004276600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.132{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4323df87a78dc042022-01-04 14:18:27.132root 11241100x80000000000000004276601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.132{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74db0949018f12922022-01-04 14:18:27.132root 11241100x80000000000000004276602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4aeb037f1a08d5b2022-01-04 14:18:27.133root 11241100x80000000000000004276603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8996f48812b30ac12022-01-04 14:18:27.133root 11241100x80000000000000004276604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d78468f3749e9a2022-01-04 14:18:27.133root 11241100x80000000000000004276605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f011c350d7de05982022-01-04 14:18:27.133root 11241100x80000000000000004276606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e845fdb0f549162022-01-04 14:18:27.133root 11241100x80000000000000004276607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e78ced8ccf402572022-01-04 14:18:27.133root 11241100x80000000000000004276608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b5419144278d262022-01-04 14:18:27.134root 11241100x80000000000000004276609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6cbee2716497872022-01-04 14:18:27.134root 11241100x80000000000000004276610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32b7403785c800d2022-01-04 14:18:27.134root 11241100x80000000000000004276611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0609cd18f8686d432022-01-04 14:18:27.134root 11241100x80000000000000004276612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac4b76c641ee9922022-01-04 14:18:27.134root 11241100x80000000000000004276613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aa0d5c36b55fcf2022-01-04 14:18:27.134root 11241100x80000000000000004276614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb6e7eb1ecbd1e02022-01-04 14:18:27.135root 11241100x80000000000000004276615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3039bc24ee34d5f72022-01-04 14:18:27.135root 11241100x80000000000000004276616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cff93186625ac12022-01-04 14:18:27.135root 11241100x80000000000000004276617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e214b0b9bfb5f1992022-01-04 14:18:27.135root 11241100x80000000000000004276618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afb0c5c5da7669d2022-01-04 14:18:27.135root 11241100x80000000000000004276619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3943302ff2dc97572022-01-04 14:18:27.135root 11241100x80000000000000004276620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd86f41662f1da612022-01-04 14:18:27.135root 11241100x80000000000000004276621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b3fe5d292d2af12022-01-04 14:18:27.135root 11241100x80000000000000004276622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1accee1b8d90433f2022-01-04 14:18:27.460root 11241100x80000000000000004276623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3524cf89b2a7642022-01-04 14:18:27.460root 11241100x80000000000000004276624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd36626da8146192022-01-04 14:18:27.460root 11241100x80000000000000004276625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc60c288d81baca2022-01-04 14:18:27.460root 11241100x80000000000000004276626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bd5057a3ed94bf2022-01-04 14:18:27.460root 11241100x80000000000000004276627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ce8321f5e3cff32022-01-04 14:18:27.460root 11241100x80000000000000004276628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f966a292f0022d182022-01-04 14:18:27.460root 11241100x80000000000000004276629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dd99bb61b2c95e2022-01-04 14:18:27.460root 11241100x80000000000000004276630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f466f637fdcf9782022-01-04 14:18:27.460root 11241100x80000000000000004276631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374089ccc98037df2022-01-04 14:18:27.460root 11241100x80000000000000004276632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a151b5fe6a86e82022-01-04 14:18:27.460root 11241100x80000000000000004276633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a14cb04106364d2022-01-04 14:18:27.461root 11241100x80000000000000004276634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d66ac4fc56678fe2022-01-04 14:18:27.461root 11241100x80000000000000004276635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7c3a8aed40efcc2022-01-04 14:18:27.461root 11241100x80000000000000004276636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944fb44ba5a3f45a2022-01-04 14:18:27.461root 11241100x80000000000000004276637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff2ad7692084102022-01-04 14:18:27.461root 11241100x80000000000000004276638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1983df48b2486f0c2022-01-04 14:18:27.461root 11241100x80000000000000004276639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df75cf6d215298162022-01-04 14:18:27.461root 11241100x80000000000000004276640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f2ece5a942fc9d2022-01-04 14:18:27.461root 11241100x80000000000000004276641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74173d727fd92512022-01-04 14:18:27.461root 11241100x80000000000000004276642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a77b116540c46812022-01-04 14:18:27.461root 11241100x80000000000000004276643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a3d4fad9bc28ef2022-01-04 14:18:27.461root 11241100x80000000000000004276644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4904b39d163337212022-01-04 14:18:27.959root 11241100x80000000000000004276645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d7ead735c1e15a2022-01-04 14:18:27.959root 11241100x80000000000000004276646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e51fb7df9a56e6b2022-01-04 14:18:27.959root 11241100x80000000000000004276647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea10c80b4487ec782022-01-04 14:18:27.959root 11241100x80000000000000004276648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de514d18ff163fc2022-01-04 14:18:27.959root 11241100x80000000000000004276649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e878bc5c4926a632022-01-04 14:18:27.960root 11241100x80000000000000004276650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edde7501e2f4b0612022-01-04 14:18:27.960root 11241100x80000000000000004276651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b27c17c79bf87962022-01-04 14:18:27.960root 11241100x80000000000000004276652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60f198186095f1b2022-01-04 14:18:27.960root 11241100x80000000000000004276653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f0ab51913fcd9e2022-01-04 14:18:27.960root 11241100x80000000000000004276654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88661c1c529eb2f2022-01-04 14:18:27.960root 11241100x80000000000000004276655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad16658a4900c3e52022-01-04 14:18:27.960root 11241100x80000000000000004276656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7e433fbee3a9682022-01-04 14:18:27.960root 11241100x80000000000000004276657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07bb004fcf12a1f2022-01-04 14:18:27.960root 11241100x80000000000000004276658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b89a26050979b1a2022-01-04 14:18:27.960root 11241100x80000000000000004276659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44243e613b612aef2022-01-04 14:18:27.960root 11241100x80000000000000004276660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7329c537dccd37dc2022-01-04 14:18:27.961root 11241100x80000000000000004276661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9bd1dfffa9e8972022-01-04 14:18:27.961root 11241100x80000000000000004276662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a94c092460a3182022-01-04 14:18:27.961root 11241100x80000000000000004276663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8db1c6d0347aad2022-01-04 14:18:27.961root 11241100x80000000000000004276664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc9b349a13be61c2022-01-04 14:18:27.961root 11241100x80000000000000004276665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5c2ab50c64fa412022-01-04 14:18:27.961root 11241100x80000000000000004276666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595311dceef54e142022-01-04 14:18:28.459root 11241100x80000000000000004276667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e3bbf49b8240ce2022-01-04 14:18:28.459root 11241100x80000000000000004276668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6082bcdbc6faf02022-01-04 14:18:28.459root 11241100x80000000000000004276669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f71841e521042292022-01-04 14:18:28.460root 11241100x80000000000000004276670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddacf853fb7860b2022-01-04 14:18:28.460root 11241100x80000000000000004276671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a979382f8a83df352022-01-04 14:18:28.460root 11241100x80000000000000004276672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7b9b2a49e78252022-01-04 14:18:28.460root 11241100x80000000000000004276673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fbd2321c13d9fb2022-01-04 14:18:28.460root 11241100x80000000000000004276674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f6b38b09e4ef642022-01-04 14:18:28.460root 11241100x80000000000000004276675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b6fc2d4a9c6b5b2022-01-04 14:18:28.460root 11241100x80000000000000004276676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56502960604b328e2022-01-04 14:18:28.460root 11241100x80000000000000004276677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468f17d48791f1b42022-01-04 14:18:28.460root 11241100x80000000000000004276678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f313e1790680f95f2022-01-04 14:18:28.460root 11241100x80000000000000004276679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf9f3204167e9dc2022-01-04 14:18:28.460root 11241100x80000000000000004276680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4284263828c629742022-01-04 14:18:28.461root 11241100x80000000000000004276681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c51863aae1eb132022-01-04 14:18:28.461root 11241100x80000000000000004276682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1501aae007ccda92022-01-04 14:18:28.461root 11241100x80000000000000004276683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607515a4d2d245b22022-01-04 14:18:28.461root 11241100x80000000000000004276684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96ac2f5fec211c02022-01-04 14:18:28.461root 11241100x80000000000000004276685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03bc5bbf5ad928c2022-01-04 14:18:28.461root 11241100x80000000000000004276686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af061d0c894003272022-01-04 14:18:28.461root 11241100x80000000000000004276687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea6c44dcaac367b2022-01-04 14:18:28.461root 11241100x80000000000000004276688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db59b0cadcbdccf2022-01-04 14:18:28.959root 11241100x80000000000000004276689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377fe45c70517bc32022-01-04 14:18:28.960root 11241100x80000000000000004276690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145b5a19a511547a2022-01-04 14:18:28.960root 11241100x80000000000000004276691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26aa0ab737a4c62b2022-01-04 14:18:28.960root 11241100x80000000000000004276692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b170e93da47dda8a2022-01-04 14:18:28.960root 11241100x80000000000000004276693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40091947bbad1bcb2022-01-04 14:18:28.960root 11241100x80000000000000004276694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8298240f623cf5302022-01-04 14:18:28.960root 11241100x80000000000000004276695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb64e69a7a2e2e562022-01-04 14:18:28.960root 11241100x80000000000000004276696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f8c4339ec9ac782022-01-04 14:18:28.960root 11241100x80000000000000004276697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d32cee415072fb2022-01-04 14:18:28.960root 11241100x80000000000000004276698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d4a953bd3121c92022-01-04 14:18:28.960root 11241100x80000000000000004276699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bacfd93a4555562022-01-04 14:18:28.960root 11241100x80000000000000004276700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acde4feeea75115c2022-01-04 14:18:28.960root 11241100x80000000000000004276701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1b43c0a911bc722022-01-04 14:18:28.960root 11241100x80000000000000004276702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a0fc9fc8c907a22022-01-04 14:18:28.960root 11241100x80000000000000004276703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c50112264d6ef52022-01-04 14:18:28.961root 11241100x80000000000000004276704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abda4a22b1be0d22022-01-04 14:18:28.961root 11241100x80000000000000004276705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b272763fb3761b132022-01-04 14:18:28.961root 11241100x80000000000000004276706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9835c67ccef2d8582022-01-04 14:18:28.961root 11241100x80000000000000004276707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39961d3f608fc0c82022-01-04 14:18:28.961root 11241100x80000000000000004276708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9114514aab8a6bb32022-01-04 14:18:28.961root 11241100x80000000000000004276709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0952c21f96226962022-01-04 14:18:28.961root 11241100x80000000000000004276710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c23d7ee30c5d6f2022-01-04 14:18:29.460root 11241100x80000000000000004276711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78cae95e731914f2022-01-04 14:18:29.460root 11241100x80000000000000004276712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4d3516906805352022-01-04 14:18:29.460root 11241100x80000000000000004276713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7be1c0f6d7db1c2022-01-04 14:18:29.460root 11241100x80000000000000004276714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22e51f47ef42df42022-01-04 14:18:29.460root 11241100x80000000000000004276715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc7e2c2a3ba56282022-01-04 14:18:29.460root 11241100x80000000000000004276716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dd364a9157fede2022-01-04 14:18:29.460root 11241100x80000000000000004276717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e266933274ec1632022-01-04 14:18:29.460root 11241100x80000000000000004276718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d7bea74644b2b42022-01-04 14:18:29.460root 11241100x80000000000000004276719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f255d8765167482022-01-04 14:18:29.461root 11241100x80000000000000004276720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ef54a1baf2bff52022-01-04 14:18:29.462root 11241100x80000000000000004276721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189473e1b7d5cc262022-01-04 14:18:29.462root 11241100x80000000000000004276722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3b9cff400d339f2022-01-04 14:18:29.462root 11241100x80000000000000004276723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c01e7df78818732022-01-04 14:18:29.462root 11241100x80000000000000004276724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a831083d5db525aa2022-01-04 14:18:29.462root 11241100x80000000000000004276725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c45d305c51633372022-01-04 14:18:29.462root 11241100x80000000000000004276726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75ba99ff9ed5b782022-01-04 14:18:29.463root 11241100x80000000000000004276727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20020fa661c95a9e2022-01-04 14:18:29.463root 11241100x80000000000000004276728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0def9fc834aef91a2022-01-04 14:18:29.463root 11241100x80000000000000004276729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3a7ba4b2ce29122022-01-04 14:18:29.463root 11241100x80000000000000004276730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7ea0e5469400872022-01-04 14:18:29.463root 11241100x80000000000000004276731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24814593b7294d3c2022-01-04 14:18:29.463root 11241100x80000000000000004276732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165b0c2486812f922022-01-04 14:18:29.959root 11241100x80000000000000004276733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b89094d264872fa2022-01-04 14:18:29.959root 11241100x80000000000000004276734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88968bf7dde0054c2022-01-04 14:18:29.960root 11241100x80000000000000004276735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44968b79c02d2ff2022-01-04 14:18:29.960root 11241100x80000000000000004276736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e63f54551f8dad22022-01-04 14:18:29.960root 11241100x80000000000000004276737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0bc6e94944b0752022-01-04 14:18:29.960root 11241100x80000000000000004276738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139152c0f8a19d8a2022-01-04 14:18:29.961root 11241100x80000000000000004276739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f083b9df3bf0ab42022-01-04 14:18:29.961root 11241100x80000000000000004276740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879ce8f0d30bf1e02022-01-04 14:18:29.961root 11241100x80000000000000004276741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0514dbe7005a9002022-01-04 14:18:29.961root 11241100x80000000000000004276742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69da339fff3b3a62022-01-04 14:18:29.962root 11241100x80000000000000004276743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7c4293d7eece672022-01-04 14:18:29.962root 11241100x80000000000000004276744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfd35899e1ce8732022-01-04 14:18:29.962root 11241100x80000000000000004276745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafb3ee09206c5ac2022-01-04 14:18:29.962root 11241100x80000000000000004276746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eae64db43b3f27a2022-01-04 14:18:29.962root 11241100x80000000000000004276747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebd5305bd8843e62022-01-04 14:18:29.962root 11241100x80000000000000004276748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be8ef750266ce262022-01-04 14:18:29.962root 11241100x80000000000000004276749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b8f11df8c534102022-01-04 14:18:29.963root 11241100x80000000000000004276750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959a0907ef78f1ba2022-01-04 14:18:29.963root 11241100x80000000000000004276751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a4af5c9ae1d8ae2022-01-04 14:18:29.963root 11241100x80000000000000004276752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcda9362b9069ad2022-01-04 14:18:29.963root 11241100x80000000000000004276753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e90ce7625a3abe2022-01-04 14:18:29.963root 11241100x80000000000000004276754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f58cd3682e04e952022-01-04 14:18:30.459root 11241100x80000000000000004276755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abad0b60c5702d92022-01-04 14:18:30.459root 11241100x80000000000000004276756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adfd75fc27c21042022-01-04 14:18:30.460root 11241100x80000000000000004276757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e644f2502314dd552022-01-04 14:18:30.460root 11241100x80000000000000004276758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8e9d38fe02daeb2022-01-04 14:18:30.460root 11241100x80000000000000004276759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b9a371cc09e6fa2022-01-04 14:18:30.460root 11241100x80000000000000004276760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6487146728a455c2022-01-04 14:18:30.460root 11241100x80000000000000004276761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccbe8bb739018032022-01-04 14:18:30.461root 11241100x80000000000000004276762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01068d5eb5a86802022-01-04 14:18:30.461root 11241100x80000000000000004276763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf4154874225bf12022-01-04 14:18:30.461root 11241100x80000000000000004276764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94623363e712d7b12022-01-04 14:18:30.461root 11241100x80000000000000004276765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80087150e224168e2022-01-04 14:18:30.461root 11241100x80000000000000004276766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6744b9c6ca57a7162022-01-04 14:18:30.462root 11241100x80000000000000004276767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0967aa457f505372022-01-04 14:18:30.462root 11241100x80000000000000004276768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c51fee8cc676e2a2022-01-04 14:18:30.462root 11241100x80000000000000004276769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5022099feb93f3992022-01-04 14:18:30.462root 11241100x80000000000000004276770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c59b9473b497872022-01-04 14:18:30.462root 11241100x80000000000000004276771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c446a900455531802022-01-04 14:18:30.463root 11241100x80000000000000004276772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdfb7628aaf35472022-01-04 14:18:30.463root 11241100x80000000000000004276773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798988d6f3ce8b8c2022-01-04 14:18:30.463root 11241100x80000000000000004276774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38c00591c1521e2022-01-04 14:18:30.463root 11241100x80000000000000004276775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356d6f642a3c4a942022-01-04 14:18:30.463root 11241100x80000000000000004276776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfbba48b6bf41f2022-01-04 14:18:30.464root 11241100x80000000000000004276777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2f24d8ab88a14a2022-01-04 14:18:30.959root 11241100x80000000000000004276778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8258cfd0a9f0192022-01-04 14:18:30.960root 11241100x80000000000000004276779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dee77f7e6d8c852022-01-04 14:18:30.960root 11241100x80000000000000004276780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4551c1db3538adf72022-01-04 14:18:30.960root 11241100x80000000000000004276781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d67219b19a41982022-01-04 14:18:30.960root 11241100x80000000000000004276782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962ff3d4188c500b2022-01-04 14:18:30.961root 11241100x80000000000000004276783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b52ff51a3a4fb172022-01-04 14:18:30.961root 11241100x80000000000000004276784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a7b52e992124762022-01-04 14:18:30.961root 11241100x80000000000000004276785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c4a8be457274442022-01-04 14:18:30.961root 11241100x80000000000000004276786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c71c37065dcc242022-01-04 14:18:30.961root 11241100x80000000000000004276787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d3ed5a7f888a672022-01-04 14:18:30.961root 11241100x80000000000000004276788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd8e3e08f0138772022-01-04 14:18:30.961root 11241100x80000000000000004276789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd49d100f10ea0b02022-01-04 14:18:30.961root 11241100x80000000000000004276790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3360907a5676d72022-01-04 14:18:30.961root 11241100x80000000000000004276791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729275791c0b51a22022-01-04 14:18:30.961root 11241100x80000000000000004276792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6ed6597ecdfa242022-01-04 14:18:30.962root 11241100x80000000000000004276793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892cdf6d5a72bbd62022-01-04 14:18:30.962root 11241100x80000000000000004276794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c38b8087f19ff32022-01-04 14:18:30.962root 11241100x80000000000000004276795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbff93d08c8d5e72022-01-04 14:18:30.962root 11241100x80000000000000004276796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376217303f623f492022-01-04 14:18:30.962root 11241100x80000000000000004276797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2b681160616e6f2022-01-04 14:18:30.962root 11241100x80000000000000004276798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8077b8778831482022-01-04 14:18:30.962root 354300x80000000000000004276799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.055{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41504-false10.0.1.12-8000- 11241100x80000000000000004276800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:18:31.221root 11241100x80000000000000004276801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af477be075fab432022-01-04 14:18:31.222root 11241100x80000000000000004276802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5199d510991969a2022-01-04 14:18:31.222root 11241100x80000000000000004276803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8decc55bee7f632022-01-04 14:18:31.222root 11241100x80000000000000004276804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f86e585d7f5e1a2022-01-04 14:18:31.222root 11241100x80000000000000004276805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba15e25a11224342022-01-04 14:18:31.223root 11241100x80000000000000004276806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d7a128220f304d2022-01-04 14:18:31.223root 11241100x80000000000000004276807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73be957845af36a12022-01-04 14:18:31.223root 11241100x80000000000000004276808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26dce738277374a2022-01-04 14:18:31.223root 11241100x80000000000000004276809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec8ee2e153000ca2022-01-04 14:18:31.223root 11241100x80000000000000004276810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465061559bca3a7f2022-01-04 14:18:31.224root 11241100x80000000000000004276811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744888988f9634e92022-01-04 14:18:31.224root 11241100x80000000000000004276812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7aef0d9363b77942022-01-04 14:18:31.224root 11241100x80000000000000004276813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df26dc7bf57b7dd2022-01-04 14:18:31.225root 11241100x80000000000000004276814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce87cc3461ab2bf2022-01-04 14:18:31.226root 11241100x80000000000000004276815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd486ed4c46a5cb02022-01-04 14:18:31.226root 11241100x80000000000000004276816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e49cad11f6892b2022-01-04 14:18:31.227root 11241100x80000000000000004276817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c416df0c1737e9d72022-01-04 14:18:31.227root 11241100x80000000000000004276818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc5801d70c617342022-01-04 14:18:31.228root 11241100x80000000000000004276819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803597640e2d6c0e2022-01-04 14:18:31.228root 11241100x80000000000000004276820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad48f52fe65fe1e32022-01-04 14:18:31.229root 11241100x80000000000000004276821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4c495add16e1762022-01-04 14:18:31.229root 11241100x80000000000000004276822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa78f3ddfd256d42022-01-04 14:18:31.229root 11241100x80000000000000004276823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c7153562166c062022-01-04 14:18:31.229root 11241100x80000000000000004276824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce62d4944b8a9572022-01-04 14:18:31.230root 11241100x80000000000000004276825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b97f7ef477941f2022-01-04 14:18:31.709root 11241100x80000000000000004276826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1615d93fa33f59612022-01-04 14:18:31.709root 11241100x80000000000000004276827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db83bf925531100d2022-01-04 14:18:31.710root 11241100x80000000000000004276828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e9f751c9cfc63b2022-01-04 14:18:31.710root 11241100x80000000000000004276829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10aca488cc4c74d72022-01-04 14:18:31.710root 11241100x80000000000000004276830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeb05c1651f81622022-01-04 14:18:31.710root 11241100x80000000000000004276831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c31de961e3161352022-01-04 14:18:31.710root 11241100x80000000000000004276832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92219c3e2e64be02022-01-04 14:18:31.710root 11241100x80000000000000004276833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aa85742401f1062022-01-04 14:18:31.710root 11241100x80000000000000004276834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd5d8e3c9bca9432022-01-04 14:18:31.710root 11241100x80000000000000004276835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d873a0a42e4977c42022-01-04 14:18:31.710root 11241100x80000000000000004276836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db5903d910e3eb42022-01-04 14:18:31.710root 11241100x80000000000000004276837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e58fe3e88c2a5de2022-01-04 14:18:31.711root 11241100x80000000000000004276838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3c5db507de59172022-01-04 14:18:31.711root 11241100x80000000000000004276839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d996c3d17633cece2022-01-04 14:18:31.711root 11241100x80000000000000004276840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fd95a99763cee02022-01-04 14:18:31.711root 11241100x80000000000000004276841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fb1ced0794e32e2022-01-04 14:18:31.711root 11241100x80000000000000004276842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ef48d216e7c0802022-01-04 14:18:31.711root 11241100x80000000000000004276843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fea5cba257b4852022-01-04 14:18:31.711root 11241100x80000000000000004276844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a311176344d68f2022-01-04 14:18:31.711root 11241100x80000000000000004276845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580fe3d799f6d2182022-01-04 14:18:31.711root 11241100x80000000000000004276846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd1578beb481c0e2022-01-04 14:18:31.711root 11241100x80000000000000004276847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104322db6b54625f2022-01-04 14:18:31.711root 11241100x80000000000000004276848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ccd00c1024aa032022-01-04 14:18:31.712root 11241100x80000000000000004276849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaab79da66f63742022-01-04 14:18:32.209root 11241100x80000000000000004276850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f339c158898cb4292022-01-04 14:18:32.209root 11241100x80000000000000004276851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa8e789f214cf7a2022-01-04 14:18:32.210root 11241100x80000000000000004276852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b823ddeb823e9332022-01-04 14:18:32.210root 11241100x80000000000000004276853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e560d0227cbcb5a2022-01-04 14:18:32.210root 11241100x80000000000000004276854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f809befef8db962022-01-04 14:18:32.210root 11241100x80000000000000004276855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d222e4ced867ddd2022-01-04 14:18:32.210root 11241100x80000000000000004276856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961c977706bbf13c2022-01-04 14:18:32.210root 11241100x80000000000000004276857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a792e0746ad904b62022-01-04 14:18:32.210root 11241100x80000000000000004276858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552e8a0768e62a072022-01-04 14:18:32.210root 11241100x80000000000000004276859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087350678e31844e2022-01-04 14:18:32.210root 11241100x80000000000000004276860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57387773352b8102022-01-04 14:18:32.210root 11241100x80000000000000004276861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff76c4411fb8a6f32022-01-04 14:18:32.211root 11241100x80000000000000004276862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dcac3ca57f3d542022-01-04 14:18:32.211root 11241100x80000000000000004276863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695c44cdb389f6562022-01-04 14:18:32.211root 11241100x80000000000000004276864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c733e3008e08e52022-01-04 14:18:32.211root 11241100x80000000000000004276865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2286e6695b7ae1622022-01-04 14:18:32.211root 11241100x80000000000000004276866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565ae245be2efc572022-01-04 14:18:32.211root 11241100x80000000000000004276867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d14c7251ef530d2022-01-04 14:18:32.211root 11241100x80000000000000004276868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a24301119a1b4642022-01-04 14:18:32.211root 11241100x80000000000000004276869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2790fa206e613a8c2022-01-04 14:18:32.211root 11241100x80000000000000004276870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef464e148e253a732022-01-04 14:18:32.212root 11241100x80000000000000004276871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08835a9eb03764c52022-01-04 14:18:32.212root 11241100x80000000000000004276872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4281948f8e733412022-01-04 14:18:32.212root 11241100x80000000000000004276873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e390f81743e40c2022-01-04 14:18:32.709root 11241100x80000000000000004276874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e02d533622c0e6d2022-01-04 14:18:32.709root 11241100x80000000000000004276875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abad43e8d21fa6992022-01-04 14:18:32.710root 11241100x80000000000000004276876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11412b70bcd4506e2022-01-04 14:18:32.710root 11241100x80000000000000004276877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e388804f3d436722022-01-04 14:18:32.710root 11241100x80000000000000004276878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647d011683f590502022-01-04 14:18:32.710root 11241100x80000000000000004276879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca939cb65f4fcfe92022-01-04 14:18:32.710root 11241100x80000000000000004276880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24349c8d25bde012022-01-04 14:18:32.710root 11241100x80000000000000004276881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac994df9486e36722022-01-04 14:18:32.710root 11241100x80000000000000004276882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de53349c36002d762022-01-04 14:18:32.710root 11241100x80000000000000004276883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e269d7e6018f192022-01-04 14:18:32.710root 11241100x80000000000000004276884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019117025dd8a22b2022-01-04 14:18:32.710root 11241100x80000000000000004276885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86baf5de2036b16e2022-01-04 14:18:32.711root 11241100x80000000000000004276886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eaf5e99426f0562022-01-04 14:18:32.711root 11241100x80000000000000004276887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11736889713534142022-01-04 14:18:32.711root 11241100x80000000000000004276888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e28e7a6652d22f2022-01-04 14:18:32.711root 11241100x80000000000000004276889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532d71cf6f7400bb2022-01-04 14:18:32.711root 11241100x80000000000000004276890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beafdb92a17dce82022-01-04 14:18:32.711root 11241100x80000000000000004276891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89837cc3417414072022-01-04 14:18:32.711root 11241100x80000000000000004276892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126697d63dddd4882022-01-04 14:18:32.711root 11241100x80000000000000004276893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184a8a4cf126fcde2022-01-04 14:18:32.711root 11241100x80000000000000004276894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a7a09364aa29112022-01-04 14:18:32.712root 11241100x80000000000000004276895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7ccb578fe99a262022-01-04 14:18:32.712root 11241100x80000000000000004276896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ac2907d295a2632022-01-04 14:18:32.712root 11241100x80000000000000004276897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8a617353fb0eb12022-01-04 14:18:33.209root 11241100x80000000000000004276898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ff2e8e279cc8b72022-01-04 14:18:33.210root 11241100x80000000000000004276899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606cff0db4a1436b2022-01-04 14:18:33.210root 11241100x80000000000000004276900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9105ee8908ea442022-01-04 14:18:33.210root 11241100x80000000000000004276901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4748cf55fa83868a2022-01-04 14:18:33.210root 11241100x80000000000000004276902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf4532f15c281302022-01-04 14:18:33.211root 11241100x80000000000000004276903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d0a40a552225bd2022-01-04 14:18:33.211root 11241100x80000000000000004276904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff899b21a1a6ea82022-01-04 14:18:33.211root 11241100x80000000000000004276905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d591a5918e793612022-01-04 14:18:33.211root 11241100x80000000000000004276906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80cfe694446f1762022-01-04 14:18:33.211root 11241100x80000000000000004276907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eaf2a45c1ec3762022-01-04 14:18:33.212root 11241100x80000000000000004276908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c308ffb8332822022-01-04 14:18:33.212root 11241100x80000000000000004276909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03df8c62c41a9c92022-01-04 14:18:33.213root 11241100x80000000000000004276910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f2ed4506f557f02022-01-04 14:18:33.214root 11241100x80000000000000004276911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b14930be42dc1a2022-01-04 14:18:33.214root 11241100x80000000000000004276912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db9b264edc14afd2022-01-04 14:18:33.214root 11241100x80000000000000004276913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3900005236c19e302022-01-04 14:18:33.215root 11241100x80000000000000004276914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb56b2714e5caf2022-01-04 14:18:33.215root 11241100x80000000000000004276915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c27aaa005da8b92022-01-04 14:18:33.216root 11241100x80000000000000004276916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cd00db988461ff2022-01-04 14:18:33.216root 11241100x80000000000000004276917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27457343ef99ce412022-01-04 14:18:33.216root 11241100x80000000000000004276918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c208a42b19b3ecae2022-01-04 14:18:33.217root 11241100x80000000000000004276919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69f49ca3eaa3fdd2022-01-04 14:18:33.218root 11241100x80000000000000004276920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1873b23097f8028c2022-01-04 14:18:33.218root 11241100x80000000000000004276921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950f430d0275dc832022-01-04 14:18:33.220root 11241100x80000000000000004276922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124507e8d934446c2022-01-04 14:18:33.710root 11241100x80000000000000004276923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5530deb715e3437c2022-01-04 14:18:33.710root 11241100x80000000000000004276924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdaa2156ec0a1182022-01-04 14:18:33.710root 11241100x80000000000000004276925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7392436d73105aeb2022-01-04 14:18:33.711root 11241100x80000000000000004276926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3a78917ffae1582022-01-04 14:18:33.711root 11241100x80000000000000004276927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cb07fb860feca12022-01-04 14:18:33.711root 11241100x80000000000000004276928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80352d7fae5a05432022-01-04 14:18:33.711root 11241100x80000000000000004276929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68505a4d4f2760e52022-01-04 14:18:33.711root 11241100x80000000000000004276930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ca4a32fb6e42ef2022-01-04 14:18:33.711root 11241100x80000000000000004276931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475e09015d8466892022-01-04 14:18:33.711root 11241100x80000000000000004276932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514476389c5cadee2022-01-04 14:18:33.712root 11241100x80000000000000004276933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fd4b431804f5392022-01-04 14:18:33.712root 11241100x80000000000000004276934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6118343bfc092f32022-01-04 14:18:33.712root 11241100x80000000000000004276935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0727877e4421132022-01-04 14:18:33.712root 11241100x80000000000000004276936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cb49be6e3d3d0d2022-01-04 14:18:33.712root 11241100x80000000000000004276937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d67054a158c492b2022-01-04 14:18:33.712root 11241100x80000000000000004276938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a41a0774f3e7912022-01-04 14:18:33.712root 11241100x80000000000000004276939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34b0099c6a0e0ec2022-01-04 14:18:33.712root 11241100x80000000000000004276940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13495b075faa67dc2022-01-04 14:18:33.712root 11241100x80000000000000004276941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9389112bc1cc70f92022-01-04 14:18:33.713root 11241100x80000000000000004276942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c76809dc055eaa2022-01-04 14:18:33.713root 11241100x80000000000000004276943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14e94889a6d13af2022-01-04 14:18:33.713root 11241100x80000000000000004276944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6ffcb676610b202022-01-04 14:18:33.713root 11241100x80000000000000004276945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792a0bc7561504b2022-01-04 14:18:33.713root 23542300x80000000000000004276946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.133{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004276947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6312b27639a4c402022-01-04 14:18:34.134root 11241100x80000000000000004276948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78cb69f70ff26542022-01-04 14:18:34.134root 11241100x80000000000000004276949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07594cbc85b2d1e92022-01-04 14:18:34.134root 11241100x80000000000000004276950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfc704ae6ca147f2022-01-04 14:18:34.134root 11241100x80000000000000004276951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0fc62a9d01e3ec2022-01-04 14:18:34.134root 11241100x80000000000000004276952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd584ca382b438492022-01-04 14:18:34.134root 11241100x80000000000000004276953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452a2330b65e592b2022-01-04 14:18:34.134root 11241100x80000000000000004276954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ae8056c4ec3b9a2022-01-04 14:18:34.134root 11241100x80000000000000004276955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3909708dcd1088ef2022-01-04 14:18:34.135root 11241100x80000000000000004276956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2c41171a8a45b52022-01-04 14:18:34.135root 11241100x80000000000000004276957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7829349d7856fd82022-01-04 14:18:34.135root 11241100x80000000000000004276958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2c60bbaf29e16a2022-01-04 14:18:34.135root 11241100x80000000000000004276959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5ecaefff3157a92022-01-04 14:18:34.135root 11241100x80000000000000004276960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434af0dfe498644c2022-01-04 14:18:34.135root 11241100x80000000000000004276961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf9d15e8f54cd992022-01-04 14:18:34.135root 11241100x80000000000000004276962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33ed624c59870a92022-01-04 14:18:34.136root 11241100x80000000000000004276963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d315ffde535e522e2022-01-04 14:18:34.136root 11241100x80000000000000004276964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66508e39f8394482022-01-04 14:18:34.136root 11241100x80000000000000004276965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3c65ecd5a32cff2022-01-04 14:18:34.136root 11241100x80000000000000004276966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9c16000083fcba2022-01-04 14:18:34.136root 11241100x80000000000000004276967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfec66cabba57d22022-01-04 14:18:34.136root 11241100x80000000000000004276968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa0ee1903efd4832022-01-04 14:18:34.136root 11241100x80000000000000004276969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9a54a5d89598e02022-01-04 14:18:34.136root 11241100x80000000000000004276970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.137{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99457b6bc26571572022-01-04 14:18:34.137root 11241100x80000000000000004276971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.137{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b183c6c43943c2a72022-01-04 14:18:34.137root 11241100x80000000000000004276972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.137{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2d369b114e84732022-01-04 14:18:34.137root 11241100x80000000000000004276973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89885c5b0bb7a07b2022-01-04 14:18:34.460root 11241100x80000000000000004276974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f628c893fe289f632022-01-04 14:18:34.460root 11241100x80000000000000004276975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83f042ee52fc9322022-01-04 14:18:34.460root 11241100x80000000000000004276976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dd5429a7cb4e032022-01-04 14:18:34.460root 11241100x80000000000000004276977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db522a16febf7d1b2022-01-04 14:18:34.460root 11241100x80000000000000004276978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db7a2d045d1d7432022-01-04 14:18:34.461root 11241100x80000000000000004276979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8427fa701b28e912022-01-04 14:18:34.461root 11241100x80000000000000004276980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da72f7b7ba0df4402022-01-04 14:18:34.461root 11241100x80000000000000004276981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24df95f01cdf57872022-01-04 14:18:34.461root 11241100x80000000000000004276982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451ca761a62ea2442022-01-04 14:18:34.461root 11241100x80000000000000004276983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8868e4d472f789432022-01-04 14:18:34.461root 11241100x80000000000000004276984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c1f8a2c6285ed32022-01-04 14:18:34.461root 11241100x80000000000000004276985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ec8828bf4d65e2022-01-04 14:18:34.462root 11241100x80000000000000004276986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d3227ae373e35b2022-01-04 14:18:34.462root 11241100x80000000000000004276987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e00f63c3e8da2e62022-01-04 14:18:34.462root 11241100x80000000000000004276988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2059b0d545d86802022-01-04 14:18:34.462root 11241100x80000000000000004276989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3886dfdb35c5c42022-01-04 14:18:34.462root 11241100x80000000000000004276990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990a84f1614deaee2022-01-04 14:18:34.462root 11241100x80000000000000004276991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6777a89beeba342022-01-04 14:18:34.462root 11241100x80000000000000004276992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978d040baca559f02022-01-04 14:18:34.462root 11241100x80000000000000004276993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b562b450cd274202022-01-04 14:18:34.462root 11241100x80000000000000004276994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7275bc33207ca512022-01-04 14:18:34.463root 11241100x80000000000000004276995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e6e2a29def61d72022-01-04 14:18:34.463root 11241100x80000000000000004276996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7775dc59ae5d60f72022-01-04 14:18:34.463root 11241100x80000000000000004276997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c92d55214f8252022-01-04 14:18:34.463root 11241100x80000000000000004276998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f8304441a8cd102022-01-04 14:18:34.959root 11241100x80000000000000004276999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead627c7ba7d6b112022-01-04 14:18:34.959root 11241100x80000000000000004277000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0af7a629ad713a32022-01-04 14:18:34.960root 11241100x80000000000000004277001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c11fa074044c83e2022-01-04 14:18:34.960root 11241100x80000000000000004277002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d05d5c7114fe802022-01-04 14:18:34.960root 11241100x80000000000000004277003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e53aa33e1cddc22022-01-04 14:18:34.960root 11241100x80000000000000004277004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3563854e5adf65f62022-01-04 14:18:34.960root 11241100x80000000000000004277005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b638b9b6f23c06332022-01-04 14:18:34.960root 11241100x80000000000000004277006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61af2e1f18c32cc2022-01-04 14:18:34.960root 11241100x80000000000000004277007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d5916b34a1b8372022-01-04 14:18:34.960root 11241100x80000000000000004277008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3469ce341d2089bd2022-01-04 14:18:34.960root 11241100x80000000000000004277009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aa16358430c3f82022-01-04 14:18:34.960root 11241100x80000000000000004277010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba94883820f8db2e2022-01-04 14:18:34.961root 11241100x80000000000000004277011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f812eb048d19674b2022-01-04 14:18:34.961root 11241100x80000000000000004277012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1905cc4f2f8a01b82022-01-04 14:18:34.961root 11241100x80000000000000004277013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fff39c746f889932022-01-04 14:18:34.961root 11241100x80000000000000004277014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1952d382bffd2512022-01-04 14:18:34.961root 11241100x80000000000000004277015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2628beb40fefbdce2022-01-04 14:18:34.961root 11241100x80000000000000004277016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75ae0cc3150c4642022-01-04 14:18:34.961root 11241100x80000000000000004277017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c875cae42849ddf32022-01-04 14:18:34.962root 11241100x80000000000000004277018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54d0fd6bf24ad7a2022-01-04 14:18:34.962root 11241100x80000000000000004277019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18ff5404059d20d2022-01-04 14:18:34.962root 11241100x80000000000000004277020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aa0242b8f19ce32022-01-04 14:18:34.962root 11241100x80000000000000004277021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8d0bb7e196b83c2022-01-04 14:18:34.962root 11241100x80000000000000004277022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ed9bc00be4c28b2022-01-04 14:18:34.962root 11241100x80000000000000004277023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8039ac3db61d802022-01-04 14:18:35.459root 11241100x80000000000000004277024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7401cdca7760ad7b2022-01-04 14:18:35.459root 11241100x80000000000000004277025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48052034a53268c2022-01-04 14:18:35.459root 11241100x80000000000000004277026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cbffcece92c2192022-01-04 14:18:35.460root 11241100x80000000000000004277027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d838ce9df466ad0a2022-01-04 14:18:35.460root 11241100x80000000000000004277028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5cedb894a3ad442022-01-04 14:18:35.460root 11241100x80000000000000004277029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425596b5d1d8f2112022-01-04 14:18:35.460root 11241100x80000000000000004277030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89df32aa497caa952022-01-04 14:18:35.460root 11241100x80000000000000004277031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172c93af9c28b9022022-01-04 14:18:35.460root 11241100x80000000000000004277032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccb3f9f2e2304d82022-01-04 14:18:35.460root 11241100x80000000000000004277033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c4393b2caada742022-01-04 14:18:35.461root 11241100x80000000000000004277034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b6e4262f06c1c32022-01-04 14:18:35.461root 11241100x80000000000000004277035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd1b1b6175420f2022-01-04 14:18:35.461root 11241100x80000000000000004277036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c5c0a797078d6a2022-01-04 14:18:35.461root 11241100x80000000000000004277037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af9516ab608afec2022-01-04 14:18:35.461root 11241100x80000000000000004277038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725a2b5637702f0d2022-01-04 14:18:35.461root 11241100x80000000000000004277039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7211ab78cd2724262022-01-04 14:18:35.461root 11241100x80000000000000004277040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3a1c8d3c2029f32022-01-04 14:18:35.461root 11241100x80000000000000004277041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44ff0052886ef102022-01-04 14:18:35.461root 11241100x80000000000000004277042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b57b022001a4fa2022-01-04 14:18:35.461root 11241100x80000000000000004277043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe0a2e644cfcee22022-01-04 14:18:35.461root 11241100x80000000000000004277044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace805b3aa7d96b52022-01-04 14:18:35.461root 11241100x80000000000000004277045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26257dd0c3a049b2022-01-04 14:18:35.461root 11241100x80000000000000004277046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecedaf622cac9fe2022-01-04 14:18:35.462root 11241100x80000000000000004277047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d92614be88b1f72022-01-04 14:18:35.462root 11241100x80000000000000004277048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bafa021dc898542022-01-04 14:18:35.462root 11241100x80000000000000004277049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f828186ddbacf2c2022-01-04 14:18:35.462root 11241100x80000000000000004277050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f781bb267464ce142022-01-04 14:18:35.462root 11241100x80000000000000004277051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35254fe8be7f987b2022-01-04 14:18:35.959root 11241100x80000000000000004277052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acaa52f81458e152022-01-04 14:18:35.959root 11241100x80000000000000004277053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d77ae26fd23ff2022-01-04 14:18:35.960root 11241100x80000000000000004277054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab76dd122200d3252022-01-04 14:18:35.960root 11241100x80000000000000004277055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8731dbdde9fce0ac2022-01-04 14:18:35.960root 11241100x80000000000000004277056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aa641797d723712022-01-04 14:18:35.960root 11241100x80000000000000004277057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c5215f2a88fe492022-01-04 14:18:35.960root 11241100x80000000000000004277058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c65baaf4b962c262022-01-04 14:18:35.960root 11241100x80000000000000004277059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a62913cc2279c5e2022-01-04 14:18:35.960root 11241100x80000000000000004277060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9949ec04c1027a0d2022-01-04 14:18:35.960root 11241100x80000000000000004277061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd165d035129db632022-01-04 14:18:35.960root 11241100x80000000000000004277062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25778f317831c8a32022-01-04 14:18:35.960root 11241100x80000000000000004277063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a8c81fd3ca02182022-01-04 14:18:35.961root 11241100x80000000000000004277064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7559b1fcb02724a92022-01-04 14:18:35.961root 11241100x80000000000000004277065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b139048ea69e6492022-01-04 14:18:35.961root 11241100x80000000000000004277066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8585afe6a4a5732f2022-01-04 14:18:35.961root 11241100x80000000000000004277067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1186392765f9c2022-01-04 14:18:35.961root 11241100x80000000000000004277068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97d7c87251884302022-01-04 14:18:35.961root 11241100x80000000000000004277069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec0c7fa01e27b632022-01-04 14:18:35.961root 11241100x80000000000000004277070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccb5cb8ee42f3cf2022-01-04 14:18:35.961root 11241100x80000000000000004277071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90967dc5cb97edb72022-01-04 14:18:35.961root 11241100x80000000000000004277072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefc56c068af99da2022-01-04 14:18:35.961root 11241100x80000000000000004277073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3231f8e72b748f2022-01-04 14:18:35.962root 11241100x80000000000000004277074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01d08682441f0612022-01-04 14:18:35.962root 11241100x80000000000000004277075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd55cbbd605260b2022-01-04 14:18:35.962root 354300x80000000000000004277076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.119{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41506-false10.0.1.12-8000- 11241100x80000000000000004277077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63212d5da0b871e22022-01-04 14:18:36.459root 11241100x80000000000000004277078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1031db262f3e251d2022-01-04 14:18:36.460root 11241100x80000000000000004277079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcccfca6c63cce52022-01-04 14:18:36.460root 11241100x80000000000000004277080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05423327295b25402022-01-04 14:18:36.460root 11241100x80000000000000004277081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8307ee664a2624b82022-01-04 14:18:36.460root 11241100x80000000000000004277082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7532777d3afffbaa2022-01-04 14:18:36.460root 11241100x80000000000000004277083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034dcb921bb9e1a22022-01-04 14:18:36.461root 11241100x80000000000000004277084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba32c95ee930d62022-01-04 14:18:36.461root 11241100x80000000000000004277085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4665a3530cfcf2e2022-01-04 14:18:36.461root 11241100x80000000000000004277086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a2f04ef9f0b89a2022-01-04 14:18:36.461root 11241100x80000000000000004277087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3413120a03902c252022-01-04 14:18:36.461root 11241100x80000000000000004277088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763cf644803678372022-01-04 14:18:36.461root 11241100x80000000000000004277089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b799abfade652342022-01-04 14:18:36.461root 11241100x80000000000000004277090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2c16a119ecf9122022-01-04 14:18:36.461root 11241100x80000000000000004277091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cf45dc6088338f2022-01-04 14:18:36.461root 11241100x80000000000000004277092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f0a94363d00bb02022-01-04 14:18:36.462root 11241100x80000000000000004277093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd9d414892260922022-01-04 14:18:36.462root 11241100x80000000000000004277094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2acf12ef8da16b32022-01-04 14:18:36.462root 11241100x80000000000000004277095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c2c93c915bf3032022-01-04 14:18:36.462root 11241100x80000000000000004277096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e091a679e6143ebb2022-01-04 14:18:36.462root 11241100x80000000000000004277097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478915de58f5981d2022-01-04 14:18:36.462root 11241100x80000000000000004277098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88db562f6d07d7a12022-01-04 14:18:36.462root 11241100x80000000000000004277099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85046b06a5651b022022-01-04 14:18:36.462root 11241100x80000000000000004277100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b85fab82375b9ad2022-01-04 14:18:36.462root 11241100x80000000000000004277101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80857b667b1fd8792022-01-04 14:18:36.463root 11241100x80000000000000004277102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f24a3ce030521c42022-01-04 14:18:36.463root 11241100x80000000000000004277103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77617b3b38b27f0c2022-01-04 14:18:36.960root 11241100x80000000000000004277104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e37653cc0a05e872022-01-04 14:18:36.960root 11241100x80000000000000004277105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ef949815a6946d2022-01-04 14:18:36.960root 11241100x80000000000000004277106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fd395d7018a44a2022-01-04 14:18:36.960root 11241100x80000000000000004277107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5257dbc874b6eb2022-01-04 14:18:36.960root 11241100x80000000000000004277108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7070117b89d8872022-01-04 14:18:36.960root 11241100x80000000000000004277109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3956a407fa9069a2022-01-04 14:18:36.961root 11241100x80000000000000004277110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa063c44f15e072022-01-04 14:18:36.961root 11241100x80000000000000004277111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3549ec2bc983b042022-01-04 14:18:36.961root 11241100x80000000000000004277112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ce052b0c6fd0212022-01-04 14:18:36.961root 11241100x80000000000000004277113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8517d98f3083d0772022-01-04 14:18:36.961root 11241100x80000000000000004277114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94c57866b1bebbd2022-01-04 14:18:36.961root 11241100x80000000000000004277115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b611240d5593f02022-01-04 14:18:36.961root 11241100x80000000000000004277116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec71be13ced9c26a2022-01-04 14:18:36.961root 11241100x80000000000000004277117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c734a4e587b64cab2022-01-04 14:18:36.961root 11241100x80000000000000004277118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df60c44d38adb27e2022-01-04 14:18:36.962root 11241100x80000000000000004277119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ce671d690887f72022-01-04 14:18:36.962root 11241100x80000000000000004277120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a045f39fa9c4f962022-01-04 14:18:36.962root 11241100x80000000000000004277121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8358a7920ef0f7032022-01-04 14:18:36.962root 11241100x80000000000000004277122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426df1cc55d763612022-01-04 14:18:36.962root 11241100x80000000000000004277123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe1fc6379123c762022-01-04 14:18:36.962root 11241100x80000000000000004277124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c887451b16f62992022-01-04 14:18:36.962root 11241100x80000000000000004277125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236682cd62eba1a82022-01-04 14:18:36.962root 11241100x80000000000000004277126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76496bbf42458862022-01-04 14:18:36.963root 11241100x80000000000000004277127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989cdd1a2154c3652022-01-04 14:18:36.963root 11241100x80000000000000004277128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7485ee155c6e2d2022-01-04 14:18:36.963root 11241100x80000000000000004277129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22b20490c6c883a2022-01-04 14:18:37.460root 11241100x80000000000000004277130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7a33fe49d3ce922022-01-04 14:18:37.460root 11241100x80000000000000004277131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab97e7174a1e0742022-01-04 14:18:37.460root 11241100x80000000000000004277132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64e4be794b4e52e2022-01-04 14:18:37.460root 11241100x80000000000000004277133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4b9459305600892022-01-04 14:18:37.460root 11241100x80000000000000004277134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3376c6d0316aad2022-01-04 14:18:37.461root 11241100x80000000000000004277135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90987158f6ee39262022-01-04 14:18:37.461root 11241100x80000000000000004277136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6891a50d976028152022-01-04 14:18:37.461root 11241100x80000000000000004277137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26917d5a6b4f895c2022-01-04 14:18:37.461root 11241100x80000000000000004277138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459cadd5d5a067412022-01-04 14:18:37.461root 11241100x80000000000000004277139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adceab1592efc00f2022-01-04 14:18:37.461root 11241100x80000000000000004277140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f67d9d0651271082022-01-04 14:18:37.461root 11241100x80000000000000004277141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4690cf9581e4942022-01-04 14:18:37.461root 11241100x80000000000000004277142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e4d3cf4d44f7012022-01-04 14:18:37.461root 11241100x80000000000000004277143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7db49f07454fdbb2022-01-04 14:18:37.462root 11241100x80000000000000004277144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1976ab28bef6c62022-01-04 14:18:37.462root 11241100x80000000000000004277145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e94d3e831745432022-01-04 14:18:37.462root 11241100x80000000000000004277146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8e885dae112dea2022-01-04 14:18:37.462root 11241100x80000000000000004277147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1116fa44e5f2d6472022-01-04 14:18:37.462root 11241100x80000000000000004277148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69e0bbfc007b022022-01-04 14:18:37.462root 11241100x80000000000000004277149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a04802a9a3e7b12022-01-04 14:18:37.462root 11241100x80000000000000004277150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f79fb4e42f5bd4a2022-01-04 14:18:37.462root 11241100x80000000000000004277151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70f4cfbcfbd2a1c2022-01-04 14:18:37.462root 11241100x80000000000000004277152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5b67bd4f87c08b2022-01-04 14:18:37.463root 11241100x80000000000000004277153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1775c50b70c79f2022-01-04 14:18:37.463root 11241100x80000000000000004277154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc23361a1546e95c2022-01-04 14:18:37.463root 11241100x80000000000000004277155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb65a27c6023c2a2022-01-04 14:18:37.959root 11241100x80000000000000004277156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c978c824da6576542022-01-04 14:18:37.959root 11241100x80000000000000004277157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dbbb03a17811422022-01-04 14:18:37.959root 11241100x80000000000000004277158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f83891079124eb2022-01-04 14:18:37.960root 11241100x80000000000000004277159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b864a0bc632eae3f2022-01-04 14:18:37.960root 11241100x80000000000000004277160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f15a6dcbda294912022-01-04 14:18:37.960root 11241100x80000000000000004277161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8c86eda0c29fdd2022-01-04 14:18:37.960root 11241100x80000000000000004277162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2dfaf0a7803b4e2022-01-04 14:18:37.960root 11241100x80000000000000004277163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de72963b92033342022-01-04 14:18:37.960root 11241100x80000000000000004277164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd91601073ab8992022-01-04 14:18:37.960root 11241100x80000000000000004277165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7711460991ae9d52022-01-04 14:18:37.960root 11241100x80000000000000004277166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d003f8da1c1932d2022-01-04 14:18:37.960root 11241100x80000000000000004277167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f528e09432c711322022-01-04 14:18:37.961root 11241100x80000000000000004277168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dc61259452f0732022-01-04 14:18:37.961root 11241100x80000000000000004277169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3951e58092efb6fb2022-01-04 14:18:37.961root 11241100x80000000000000004277170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307537d1f5b0b7aa2022-01-04 14:18:37.961root 11241100x80000000000000004277171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e23904fb68f4802022-01-04 14:18:37.961root 11241100x80000000000000004277172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b861eb1633a5069b2022-01-04 14:18:37.961root 11241100x80000000000000004277173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec8b3df0f7c8ca12022-01-04 14:18:37.961root 11241100x80000000000000004277174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9375e9fec89b5fb32022-01-04 14:18:37.961root 11241100x80000000000000004277175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ac35e850e990e32022-01-04 14:18:37.962root 11241100x80000000000000004277176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bef8ccc910946e12022-01-04 14:18:37.962root 11241100x80000000000000004277177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bd2a25e63797662022-01-04 14:18:37.962root 11241100x80000000000000004277178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2593c042008d042022-01-04 14:18:37.962root 11241100x80000000000000004277179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030540d4fcb861a32022-01-04 14:18:37.962root 11241100x80000000000000004277180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c942601145057afe2022-01-04 14:18:37.962root 11241100x80000000000000004277181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4625ed129c06012022-01-04 14:18:37.962root 11241100x80000000000000004277182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8242170e71449ecf2022-01-04 14:18:38.460root 11241100x80000000000000004277183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a741513f32348f2022-01-04 14:18:38.460root 11241100x80000000000000004277184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e65a020ba204bd92022-01-04 14:18:38.460root 11241100x80000000000000004277185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1464636fa4a5c22022-01-04 14:18:38.460root 11241100x80000000000000004277186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b19340c5e06c08f2022-01-04 14:18:38.460root 11241100x80000000000000004277187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a383b14c4b6ca1f62022-01-04 14:18:38.460root 11241100x80000000000000004277188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d3ec04e3f873742022-01-04 14:18:38.461root 11241100x80000000000000004277189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3243e35235123372022-01-04 14:18:38.461root 11241100x80000000000000004277190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6796a8f1ce966052022-01-04 14:18:38.461root 11241100x80000000000000004277191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c7da17d8a5f6152022-01-04 14:18:38.461root 11241100x80000000000000004277192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a02ec594b9a1792022-01-04 14:18:38.461root 11241100x80000000000000004277193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f20e68ff236e42022-01-04 14:18:38.461root 11241100x80000000000000004277194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6301f816351558072022-01-04 14:18:38.461root 11241100x80000000000000004277195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef11ce86f8046c292022-01-04 14:18:38.461root 11241100x80000000000000004277196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929314f5294d49ec2022-01-04 14:18:38.462root 11241100x80000000000000004277197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8902d5bcd74aabfd2022-01-04 14:18:38.462root 11241100x80000000000000004277198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95270ef915e7e88d2022-01-04 14:18:38.462root 11241100x80000000000000004277199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ac296d5b0711852022-01-04 14:18:38.462root 11241100x80000000000000004277200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f7de1db1916a112022-01-04 14:18:38.462root 11241100x80000000000000004277201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87594082e36a89d82022-01-04 14:18:38.462root 11241100x80000000000000004277202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4429011fb7c66062022-01-04 14:18:38.462root 11241100x80000000000000004277203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f677e63edd1764be2022-01-04 14:18:38.462root 11241100x80000000000000004277204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c02865faa6bb2b2022-01-04 14:18:38.462root 11241100x80000000000000004277205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90704af7ad7f4c542022-01-04 14:18:38.462root 11241100x80000000000000004277206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62abca6b2f69b5aa2022-01-04 14:18:38.462root 11241100x80000000000000004277207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb27f157c950cd762022-01-04 14:18:38.462root 11241100x80000000000000004277208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c973b1a21e831ab52022-01-04 14:18:38.959root 11241100x80000000000000004277209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3680c17fa077012022-01-04 14:18:38.959root 11241100x80000000000000004277210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd587091fc3182b2022-01-04 14:18:38.960root 11241100x80000000000000004277211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cdee1f59eb25cd2022-01-04 14:18:38.960root 11241100x80000000000000004277212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59559bb5dca6a2f2022-01-04 14:18:38.960root 11241100x80000000000000004277213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c71c48614331312022-01-04 14:18:38.960root 11241100x80000000000000004277214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb731c8506f59782022-01-04 14:18:38.960root 11241100x80000000000000004277215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384dd5222ac1c6da2022-01-04 14:18:38.960root 11241100x80000000000000004277216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3de440d2486199e2022-01-04 14:18:38.960root 11241100x80000000000000004277217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23357bdd4451337e2022-01-04 14:18:38.960root 11241100x80000000000000004277218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decdeaeb91f776222022-01-04 14:18:38.960root 11241100x80000000000000004277219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3aa7b57641a9f92022-01-04 14:18:38.960root 11241100x80000000000000004277220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9936f794360f10632022-01-04 14:18:38.961root 11241100x80000000000000004277221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0de5bff4e5db4702022-01-04 14:18:38.961root 11241100x80000000000000004277222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ba6d04af614dd2022-01-04 14:18:38.961root 11241100x80000000000000004277223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec47cda55eaa91132022-01-04 14:18:38.961root 11241100x80000000000000004277224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b0da444c6a9d572022-01-04 14:18:38.961root 11241100x80000000000000004277225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3c1de1cf5cdad32022-01-04 14:18:38.961root 11241100x80000000000000004277226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7b5a2420c463a92022-01-04 14:18:38.961root 11241100x80000000000000004277227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970413bb68cc95442022-01-04 14:18:38.961root 11241100x80000000000000004277228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afd3600405a74782022-01-04 14:18:38.961root 11241100x80000000000000004277229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc7640272b6b80d2022-01-04 14:18:38.961root 11241100x80000000000000004277230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b847865a278346292022-01-04 14:18:38.962root 11241100x80000000000000004277231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f17ab60d38f49cc2022-01-04 14:18:38.962root 11241100x80000000000000004277232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d404996702edf82022-01-04 14:18:38.962root 11241100x80000000000000004277233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2c96756fc1e0a02022-01-04 14:18:38.962root 11241100x80000000000000004277234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2cef5ce06197fd2022-01-04 14:18:39.459root 11241100x80000000000000004277235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee37703b0aa4142022-01-04 14:18:39.459root 11241100x80000000000000004277236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e973a84f7bb4472022-01-04 14:18:39.460root 11241100x80000000000000004277237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a161bd1f02af5b82022-01-04 14:18:39.460root 11241100x80000000000000004277238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366e14092efe569a2022-01-04 14:18:39.460root 11241100x80000000000000004277239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb018b1a2d235f2022-01-04 14:18:39.460root 11241100x80000000000000004277240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d0e850983ddc4f2022-01-04 14:18:39.460root 11241100x80000000000000004277241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f67840ba65bc98c2022-01-04 14:18:39.461root 11241100x80000000000000004277242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44574b5b4bb09c12022-01-04 14:18:39.461root 11241100x80000000000000004277243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a73e5ef1d071172022-01-04 14:18:39.461root 11241100x80000000000000004277244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79575e8598952fea2022-01-04 14:18:39.461root 11241100x80000000000000004277245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cab4613d276a342022-01-04 14:18:39.461root 11241100x80000000000000004277246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d8d378f7efca862022-01-04 14:18:39.461root 11241100x80000000000000004277247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad863c26c7e35232022-01-04 14:18:39.461root 11241100x80000000000000004277248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8b4875bf34bd252022-01-04 14:18:39.461root 11241100x80000000000000004277249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a98653408cb3f322022-01-04 14:18:39.461root 11241100x80000000000000004277250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72375accfd521522022-01-04 14:18:39.461root 11241100x80000000000000004277251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853c12ece23459012022-01-04 14:18:39.461root 11241100x80000000000000004277252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d028a1279a42cb72022-01-04 14:18:39.461root 11241100x80000000000000004277253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51987dd79660eca92022-01-04 14:18:39.461root 11241100x80000000000000004277254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd504769644d1442022-01-04 14:18:39.461root 11241100x80000000000000004277255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956a1a34024d30572022-01-04 14:18:39.462root 11241100x80000000000000004277256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8721b9d41e0633b2022-01-04 14:18:39.462root 11241100x80000000000000004277257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663bc1b6ddaf02d12022-01-04 14:18:39.462root 11241100x80000000000000004277258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5423a2cbc4e812562022-01-04 14:18:39.462root 11241100x80000000000000004277259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87088c2ab40d9582022-01-04 14:18:39.462root 11241100x80000000000000004277260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f343bd2d9a2a15d52022-01-04 14:18:39.959root 11241100x80000000000000004277261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f12d1a581b5e3352022-01-04 14:18:39.959root 11241100x80000000000000004277262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f204669fbcb71392022-01-04 14:18:39.959root 11241100x80000000000000004277263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63a80afcf24edb42022-01-04 14:18:39.960root 11241100x80000000000000004277264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f0638b200f26c22022-01-04 14:18:39.960root 11241100x80000000000000004277265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f1167a9b6fb1a2022-01-04 14:18:39.960root 11241100x80000000000000004277266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6dc0b672a0f60f2022-01-04 14:18:39.960root 11241100x80000000000000004277267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ba9522ac83af902022-01-04 14:18:39.960root 11241100x80000000000000004277268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dd9b14b8470b052022-01-04 14:18:39.960root 11241100x80000000000000004277269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3c236d050678a72022-01-04 14:18:39.960root 11241100x80000000000000004277270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321aebd0ba0fefb52022-01-04 14:18:39.960root 11241100x80000000000000004277271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979d4a913c0207442022-01-04 14:18:39.960root 11241100x80000000000000004277272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f9fed59cfa0a7b2022-01-04 14:18:39.960root 11241100x80000000000000004277273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97759534f60ec3742022-01-04 14:18:39.960root 11241100x80000000000000004277274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae86741c5f5afdc2022-01-04 14:18:39.960root 11241100x80000000000000004277275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da901485afd39b82022-01-04 14:18:39.960root 11241100x80000000000000004277276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bea8004b8786a132022-01-04 14:18:39.960root 11241100x80000000000000004277277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd37c39bdbd75752022-01-04 14:18:39.960root 11241100x80000000000000004277278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f619e3de646b1db22022-01-04 14:18:39.961root 11241100x80000000000000004277279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4ec7c90ba8a9f12022-01-04 14:18:39.961root 11241100x80000000000000004277280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d153b113e172342022-01-04 14:18:39.961root 11241100x80000000000000004277281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9843e8245352d4272022-01-04 14:18:39.961root 11241100x80000000000000004277282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a4088c6e21a32a2022-01-04 14:18:39.961root 11241100x80000000000000004277283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2991ab87a142162022-01-04 14:18:39.961root 11241100x80000000000000004277284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8623cb2999cd29b22022-01-04 14:18:39.961root 11241100x80000000000000004277285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b7e275669ef7d12022-01-04 14:18:39.961root 11241100x80000000000000004277286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013a77bb31d7547d2022-01-04 14:18:40.460root 11241100x80000000000000004277287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36908dc1e1828af2022-01-04 14:18:40.460root 11241100x80000000000000004277288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2316e4a9492242ec2022-01-04 14:18:40.460root 11241100x80000000000000004277289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d96244fa13afac2022-01-04 14:18:40.461root 11241100x80000000000000004277290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3a7f54f5b30e272022-01-04 14:18:40.461root 11241100x80000000000000004277291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248eb18c3535f7862022-01-04 14:18:40.461root 11241100x80000000000000004277292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0ebc0320955d722022-01-04 14:18:40.461root 11241100x80000000000000004277293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e896dd1a1bd6d242022-01-04 14:18:40.461root 11241100x80000000000000004277294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0e0d795c152ff12022-01-04 14:18:40.461root 11241100x80000000000000004277295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55b3aa40668124a2022-01-04 14:18:40.462root 11241100x80000000000000004277296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d236574b57d3b73a2022-01-04 14:18:40.463root 11241100x80000000000000004277297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ba92a12d1ca5832022-01-04 14:18:40.463root 11241100x80000000000000004277298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd23db7bde6b6a52022-01-04 14:18:40.463root 11241100x80000000000000004277299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd971a5742740992022-01-04 14:18:40.463root 11241100x80000000000000004277300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03088aa2ae0b6412022-01-04 14:18:40.463root 11241100x80000000000000004277301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f274936b87a849cb2022-01-04 14:18:40.464root 11241100x80000000000000004277302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3f2f1005d1aff72022-01-04 14:18:40.464root 11241100x80000000000000004277303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829536de1b2c7cb42022-01-04 14:18:40.464root 11241100x80000000000000004277304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a361765437f2262022-01-04 14:18:40.464root 11241100x80000000000000004277305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8977e8a91d32a3152022-01-04 14:18:40.464root 11241100x80000000000000004277306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e18225167a0c352022-01-04 14:18:40.464root 11241100x80000000000000004277307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298a5a846c9b8d142022-01-04 14:18:40.464root 11241100x80000000000000004277308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e57b369a7adf232022-01-04 14:18:40.464root 11241100x80000000000000004277309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799c2b170e21471f2022-01-04 14:18:40.464root 11241100x80000000000000004277310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f183a54697a570202022-01-04 14:18:40.464root 11241100x80000000000000004277311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df131497a952c8eb2022-01-04 14:18:40.464root 11241100x80000000000000004277312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f448893f3ef0a52d2022-01-04 14:18:40.960root 11241100x80000000000000004277313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a7865f9dfe28e42022-01-04 14:18:40.960root 11241100x80000000000000004277314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6775bf21b91e53dd2022-01-04 14:18:40.960root 11241100x80000000000000004277315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a70e67e75d98b842022-01-04 14:18:40.960root 11241100x80000000000000004277316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3b797a51d610192022-01-04 14:18:40.960root 11241100x80000000000000004277317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c3ea571d431de92022-01-04 14:18:40.960root 11241100x80000000000000004277318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f95e1977b77ca282022-01-04 14:18:40.960root 11241100x80000000000000004277319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5cd12d62544cb12022-01-04 14:18:40.961root 11241100x80000000000000004277320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9ad89cdd81b3122022-01-04 14:18:40.961root 11241100x80000000000000004277321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c82ea4ef84c2c42022-01-04 14:18:40.961root 11241100x80000000000000004277322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f17d8ad5f432f82022-01-04 14:18:40.961root 11241100x80000000000000004277323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cad3cb5ff9221a2022-01-04 14:18:40.962root 11241100x80000000000000004277324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574888ee4ee47ec82022-01-04 14:18:40.962root 11241100x80000000000000004277325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb52a182b20682e2022-01-04 14:18:40.962root 11241100x80000000000000004277326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c03252c68741952022-01-04 14:18:40.962root 11241100x80000000000000004277327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b832d4ac0d4aa632022-01-04 14:18:40.962root 11241100x80000000000000004277328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd868251d934c2a32022-01-04 14:18:40.963root 11241100x80000000000000004277329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32298c3b26fde6592022-01-04 14:18:40.963root 11241100x80000000000000004277330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52f58b9723724262022-01-04 14:18:40.963root 11241100x80000000000000004277331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57db34f73d8e26202022-01-04 14:18:40.963root 11241100x80000000000000004277332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8982b3fad953012022-01-04 14:18:40.963root 11241100x80000000000000004277333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d1b02273af20222022-01-04 14:18:40.963root 11241100x80000000000000004277334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ffd35f5e69cbb22022-01-04 14:18:40.963root 11241100x80000000000000004277335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f2691d4eebbdeb2022-01-04 14:18:40.963root 11241100x80000000000000004277336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7df5e2c00514f12022-01-04 14:18:40.963root 11241100x80000000000000004277337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113ea7f07bdd95062022-01-04 14:18:40.964root 354300x80000000000000004277338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.217{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41508-false10.0.1.12-8000- 11241100x80000000000000004277339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cbd743b1fa0f5e2022-01-04 14:18:41.218root 11241100x80000000000000004277340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d785e40cfdc8dd2022-01-04 14:18:41.218root 11241100x80000000000000004277341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e390a3389df9ec1e2022-01-04 14:18:41.218root 11241100x80000000000000004277342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2f37e713d22bea2022-01-04 14:18:41.218root 11241100x80000000000000004277343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6f75268011d6912022-01-04 14:18:41.218root 11241100x80000000000000004277344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ba6c6f9996ac6c2022-01-04 14:18:41.219root 11241100x80000000000000004277345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28095bfbd1516bd72022-01-04 14:18:41.219root 11241100x80000000000000004277346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e844f1dde3ef5192022-01-04 14:18:41.219root 11241100x80000000000000004277347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f948c55b7a6d5e462022-01-04 14:18:41.219root 11241100x80000000000000004277348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c719e6f1bc7ca2022-01-04 14:18:41.219root 11241100x80000000000000004277349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695064ecaa0b4f312022-01-04 14:18:41.219root 11241100x80000000000000004277350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a130bffac2d5912022-01-04 14:18:41.219root 11241100x80000000000000004277351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76dc2537027e2572022-01-04 14:18:41.219root 11241100x80000000000000004277352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80caf3433d4754b62022-01-04 14:18:41.220root 11241100x80000000000000004277353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5c3329aa7ab5db2022-01-04 14:18:41.220root 11241100x80000000000000004277354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96fec4ee9e87d522022-01-04 14:18:41.220root 11241100x80000000000000004277355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1826d3b4f8a66e7d2022-01-04 14:18:41.220root 11241100x80000000000000004277356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94198b88ea946232022-01-04 14:18:41.220root 11241100x80000000000000004277357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b365438a0be02362022-01-04 14:18:41.220root 11241100x80000000000000004277358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127c189419c323002022-01-04 14:18:41.221root 11241100x80000000000000004277359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdd6a80b49eddf82022-01-04 14:18:41.221root 11241100x80000000000000004277360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d781e49ab11f836b2022-01-04 14:18:41.221root 11241100x80000000000000004277361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a62e5c9a0f9f9f2022-01-04 14:18:41.221root 11241100x80000000000000004277362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eb4bd3927bb37d2022-01-04 14:18:41.221root 11241100x80000000000000004277363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b258ee128b1a63382022-01-04 14:18:41.221root 11241100x80000000000000004277364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce215ff6b5c3b32022-01-04 14:18:41.222root 11241100x80000000000000004277365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6440c22c964bf92022-01-04 14:18:41.222root 11241100x80000000000000004277366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11878f0caeffc162022-01-04 14:18:41.222root 11241100x80000000000000004277367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf2ac48148e0b122022-01-04 14:18:41.222root 11241100x80000000000000004277368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4875f7b77b4b0d2022-01-04 14:18:41.222root 11241100x80000000000000004277369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ee88dfe50a825b2022-01-04 14:18:41.222root 11241100x80000000000000004277370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2d55e56f007d232022-01-04 14:18:41.709root 11241100x80000000000000004277371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb02655720fe6fe2022-01-04 14:18:41.709root 11241100x80000000000000004277372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a0a3984c182bad2022-01-04 14:18:41.710root 11241100x80000000000000004277373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e555d98c922991f2022-01-04 14:18:41.710root 11241100x80000000000000004277374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fe425d991019982022-01-04 14:18:41.710root 11241100x80000000000000004277375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f33fb930f61ed352022-01-04 14:18:41.710root 11241100x80000000000000004277376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080852d8c93a11522022-01-04 14:18:41.710root 11241100x80000000000000004277377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5a83bd684429402022-01-04 14:18:41.710root 11241100x80000000000000004277378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70dc88bb283dcfd2022-01-04 14:18:41.710root 11241100x80000000000000004277379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22097338b5eb64152022-01-04 14:18:41.710root 11241100x80000000000000004277380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21024be675e058e2022-01-04 14:18:41.711root 11241100x80000000000000004277381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4296f0b0791c66d92022-01-04 14:18:41.711root 11241100x80000000000000004277382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e7e0d7b4109f9a2022-01-04 14:18:41.711root 11241100x80000000000000004277383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5919d47ccf0542922022-01-04 14:18:41.711root 11241100x80000000000000004277384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a03f19cb70d1eb42022-01-04 14:18:41.711root 11241100x80000000000000004277385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef52c9dfae37227c2022-01-04 14:18:41.711root 11241100x80000000000000004277386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84e4df13f478ae22022-01-04 14:18:41.711root 11241100x80000000000000004277387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cec06dbe60acd02022-01-04 14:18:41.711root 11241100x80000000000000004277388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071e342723b77f592022-01-04 14:18:41.711root 11241100x80000000000000004277389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0e893af50ff7922022-01-04 14:18:41.711root 11241100x80000000000000004277390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ac9483519f0d442022-01-04 14:18:41.711root 11241100x80000000000000004277391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a182ffe1b9ef212022-01-04 14:18:41.712root 11241100x80000000000000004277392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dca0bbd42cc2832022-01-04 14:18:41.712root 11241100x80000000000000004277393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a25328e5b283912022-01-04 14:18:41.712root 11241100x80000000000000004277394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5a21b2a44c18cf2022-01-04 14:18:41.712root 11241100x80000000000000004277395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9201fe91d6ba6d392022-01-04 14:18:41.712root 11241100x80000000000000004277396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c8539b9d03c6d72022-01-04 14:18:41.712root 11241100x80000000000000004277397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f38a4e6f87e8e532022-01-04 14:18:42.210root 11241100x80000000000000004277398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af5f951103d4b5d2022-01-04 14:18:42.210root 11241100x80000000000000004277399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3390025971a5ef2022-01-04 14:18:42.210root 11241100x80000000000000004277400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122b65bc0841fcc92022-01-04 14:18:42.210root 11241100x80000000000000004277401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97966318a1a86a682022-01-04 14:18:42.210root 11241100x80000000000000004277402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021ed032324fb0d52022-01-04 14:18:42.210root 11241100x80000000000000004277403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a149ff0c352fc902022-01-04 14:18:42.210root 11241100x80000000000000004277404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4931d115c87acb32022-01-04 14:18:42.210root 11241100x80000000000000004277405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52faaaff614484f2022-01-04 14:18:42.210root 11241100x80000000000000004277406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e1fca68c3793db2022-01-04 14:18:42.210root 11241100x80000000000000004277407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad28080b467f81b2022-01-04 14:18:42.211root 11241100x80000000000000004277408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a620cd012be5d2022-01-04 14:18:42.211root 11241100x80000000000000004277409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c995b8b54339e32022-01-04 14:18:42.211root 11241100x80000000000000004277410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cad124578c224142022-01-04 14:18:42.211root 11241100x80000000000000004277411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7f5fe474b87a6d2022-01-04 14:18:42.211root 11241100x80000000000000004277412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eee25aa80c9af22022-01-04 14:18:42.211root 11241100x80000000000000004277413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc9dffac3a127ab2022-01-04 14:18:42.211root 11241100x80000000000000004277414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda8040f038dc1802022-01-04 14:18:42.211root 11241100x80000000000000004277415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958abc3fba10daab2022-01-04 14:18:42.211root 11241100x80000000000000004277416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3105f15131506ef22022-01-04 14:18:42.211root 11241100x80000000000000004277417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c79d1400a2b4a2022-01-04 14:18:42.211root 11241100x80000000000000004277418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef726db7f109692022-01-04 14:18:42.211root 11241100x80000000000000004277419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8deb819c329e182022-01-04 14:18:42.211root 11241100x80000000000000004277420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93bcdc54944fc152022-01-04 14:18:42.211root 11241100x80000000000000004277421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c758dde768dd482022-01-04 14:18:42.211root 11241100x80000000000000004277422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409a2f195336de532022-01-04 14:18:42.212root 11241100x80000000000000004277423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f54768711451052022-01-04 14:18:42.212root 11241100x80000000000000004277424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758fc45326611f992022-01-04 14:18:42.710root 11241100x80000000000000004277425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c65bda767e1b032022-01-04 14:18:42.710root 11241100x80000000000000004277426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688ded44f1dcb5552022-01-04 14:18:42.711root 11241100x80000000000000004277427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d8c7a8d176c8ff2022-01-04 14:18:42.712root 11241100x80000000000000004277428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fc15fd902d14342022-01-04 14:18:42.712root 11241100x80000000000000004277429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06d4ced8ccf2fd22022-01-04 14:18:42.712root 11241100x80000000000000004277430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647194602a67ad7e2022-01-04 14:18:42.712root 11241100x80000000000000004277431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b2a64ff668fd6d2022-01-04 14:18:42.712root 11241100x80000000000000004277432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b126a7eea44bb6a12022-01-04 14:18:42.712root 11241100x80000000000000004277433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dadd4618d4ec4e2022-01-04 14:18:42.713root 11241100x80000000000000004277434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62baa1aa93523c02022-01-04 14:18:42.713root 11241100x80000000000000004277435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e4c97b0b6ae432022-01-04 14:18:42.713root 11241100x80000000000000004277436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07050d17b3bb0912022-01-04 14:18:42.713root 11241100x80000000000000004277437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c9a9e420c4aad72022-01-04 14:18:42.713root 11241100x80000000000000004277438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ba6b46b24fbcaf2022-01-04 14:18:42.713root 11241100x80000000000000004277439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080af77f8cd6de5b2022-01-04 14:18:42.713root 11241100x80000000000000004277440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c1d791596e2cbb2022-01-04 14:18:42.713root 11241100x80000000000000004277441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4056f73cf1da46812022-01-04 14:18:42.713root 11241100x80000000000000004277442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80275c3db45e7ae72022-01-04 14:18:42.713root 11241100x80000000000000004277443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdbba36792ab37c2022-01-04 14:18:42.713root 11241100x80000000000000004277444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb867e62d34a4b82022-01-04 14:18:42.713root 11241100x80000000000000004277445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b1fb022d8e5afa2022-01-04 14:18:42.713root 11241100x80000000000000004277446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6004124754eb25812022-01-04 14:18:42.713root 11241100x80000000000000004277447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802b9940fbfde7b02022-01-04 14:18:42.713root 11241100x80000000000000004277448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0fe75c5d0018352022-01-04 14:18:42.714root 11241100x80000000000000004277449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80ae420a62971cc2022-01-04 14:18:42.714root 11241100x80000000000000004277450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8087496d135779832022-01-04 14:18:42.714root 11241100x80000000000000004277451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27411f090633cd642022-01-04 14:18:43.209root 11241100x80000000000000004277452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c536d8def36a3ac92022-01-04 14:18:43.209root 11241100x80000000000000004277453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afce29c285eb094d2022-01-04 14:18:43.209root 11241100x80000000000000004277454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db8360abf8778532022-01-04 14:18:43.210root 11241100x80000000000000004277455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7325ff34f33282022-01-04 14:18:43.210root 11241100x80000000000000004277456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a850ae25b54e83a32022-01-04 14:18:43.210root 11241100x80000000000000004277457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a90d34bd9d04452022-01-04 14:18:43.210root 11241100x80000000000000004277458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0857e79cc10514482022-01-04 14:18:43.210root 11241100x80000000000000004277459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdaf344fcb71b0a2022-01-04 14:18:43.210root 11241100x80000000000000004277460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5480eca71a4b762022-01-04 14:18:43.211root 11241100x80000000000000004277461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930294c12f3c8a0a2022-01-04 14:18:43.211root 11241100x80000000000000004277462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e4c8d13cab66462022-01-04 14:18:43.211root 11241100x80000000000000004277463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f61108b89a8d342022-01-04 14:18:43.211root 11241100x80000000000000004277464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59330e8908e46f7e2022-01-04 14:18:43.211root 11241100x80000000000000004277465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33a2427c1dedbda2022-01-04 14:18:43.211root 11241100x80000000000000004277466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c21b682f7e06f392022-01-04 14:18:43.211root 11241100x80000000000000004277467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4e16db3e0aeaf42022-01-04 14:18:43.211root 11241100x80000000000000004277468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b7ba95810871d52022-01-04 14:18:43.211root 11241100x80000000000000004277469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1140fc9c104da3a72022-01-04 14:18:43.211root 11241100x80000000000000004277470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19b1bbca64f49722022-01-04 14:18:43.212root 11241100x80000000000000004277471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94197e76fb3f84692022-01-04 14:18:43.212root 11241100x80000000000000004277472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96bbe1e83d36e952022-01-04 14:18:43.212root 11241100x80000000000000004277473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96bf3d97185a4e02022-01-04 14:18:43.212root 11241100x80000000000000004277474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c903c26a6cc34a2022-01-04 14:18:43.212root 11241100x80000000000000004277475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b3de20ec0a68eb2022-01-04 14:18:43.212root 11241100x80000000000000004277476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115a502263107bc82022-01-04 14:18:43.212root 11241100x80000000000000004277477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e77cec7caed95222022-01-04 14:18:43.212root 11241100x80000000000000004277478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69caae4557dce2c2022-01-04 14:18:43.212root 11241100x80000000000000004277479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179668cfd9e64dde2022-01-04 14:18:43.212root 11241100x80000000000000004277480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a3f36b2a6359592022-01-04 14:18:43.212root 11241100x80000000000000004277481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c9147561ea0352022-01-04 14:18:43.212root 11241100x80000000000000004277482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bd2b46fae1bed72022-01-04 14:18:43.709root 11241100x80000000000000004277483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bbe92591ae4a092022-01-04 14:18:43.710root 11241100x80000000000000004277484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd009af3928e27b2022-01-04 14:18:43.710root 11241100x80000000000000004277485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b917834ecdf9c2da2022-01-04 14:18:43.710root 11241100x80000000000000004277486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880206137778a2dc2022-01-04 14:18:43.710root 11241100x80000000000000004277487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5769b302984ce36d2022-01-04 14:18:43.710root 11241100x80000000000000004277488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bb64f3a46419742022-01-04 14:18:43.710root 11241100x80000000000000004277489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fb0ec90c04cd862022-01-04 14:18:43.711root 11241100x80000000000000004277490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472eecf23c325ff52022-01-04 14:18:43.711root 11241100x80000000000000004277491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cfacd80d466cb32022-01-04 14:18:43.711root 11241100x80000000000000004277492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac9e25c776ea8462022-01-04 14:18:43.711root 11241100x80000000000000004277493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea145cf264abfd742022-01-04 14:18:43.711root 11241100x80000000000000004277494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd78e83f3cc525c2022-01-04 14:18:43.711root 11241100x80000000000000004277495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146f36ad4a98bd402022-01-04 14:18:43.711root 11241100x80000000000000004277496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89f2a270d5505042022-01-04 14:18:43.712root 11241100x80000000000000004277497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f1eef5b19b67b12022-01-04 14:18:43.712root 11241100x80000000000000004277498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c04391330d63fe2022-01-04 14:18:43.712root 11241100x80000000000000004277499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f0b2ad1943fd82022-01-04 14:18:43.712root 11241100x80000000000000004277500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1999b3b7360f182022-01-04 14:18:43.712root 11241100x80000000000000004277501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2454797bfeba2a332022-01-04 14:18:43.712root 11241100x80000000000000004277502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26fba7f9ddbeeb22022-01-04 14:18:43.712root 11241100x80000000000000004277503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bdfbd7853025c92022-01-04 14:18:43.712root 11241100x80000000000000004277504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35331c0bba52eed22022-01-04 14:18:43.712root 11241100x80000000000000004277505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19655b89b6b69a5f2022-01-04 14:18:43.712root 11241100x80000000000000004277506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5df2cedc54b30b2022-01-04 14:18:43.712root 11241100x80000000000000004277507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d701634ae02c4c02022-01-04 14:18:43.713root 11241100x80000000000000004277508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8985194c7373c3872022-01-04 14:18:43.713root 11241100x80000000000000004277509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009770bde586f9972022-01-04 14:18:43.713root 11241100x80000000000000004277510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50e71500e6217222022-01-04 14:18:44.210root 11241100x80000000000000004277511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f1f5ec4d09d30e2022-01-04 14:18:44.210root 11241100x80000000000000004277512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81851176ae27f0c72022-01-04 14:18:44.210root 11241100x80000000000000004277513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734c545037bc24412022-01-04 14:18:44.210root 11241100x80000000000000004277514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd63d0e6b2b657232022-01-04 14:18:44.211root 11241100x80000000000000004277515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580f86d7771e3ba52022-01-04 14:18:44.211root 11241100x80000000000000004277516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2eb7f610dfb6b62022-01-04 14:18:44.211root 11241100x80000000000000004277517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc345c375a7140b02022-01-04 14:18:44.211root 11241100x80000000000000004277518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749884b3457e616d2022-01-04 14:18:44.211root 11241100x80000000000000004277519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd12788e55d2e73e2022-01-04 14:18:44.211root 11241100x80000000000000004277520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8fde80be58cbd32022-01-04 14:18:44.211root 11241100x80000000000000004277521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460d1469613b8ad82022-01-04 14:18:44.211root 11241100x80000000000000004277522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775154be67a6cba82022-01-04 14:18:44.211root 11241100x80000000000000004277523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e42d2d26fa0b9462022-01-04 14:18:44.211root 11241100x80000000000000004277524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d258b9fe1038fc4e2022-01-04 14:18:44.211root 11241100x80000000000000004277525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09ce4c1ecce516e2022-01-04 14:18:44.211root 11241100x80000000000000004277526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb0451ce92e25d82022-01-04 14:18:44.211root 11241100x80000000000000004277527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74445dbbcfb090d22022-01-04 14:18:44.212root 11241100x80000000000000004277528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4249e5e7dd8fb6732022-01-04 14:18:44.212root 11241100x80000000000000004277529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f9185805b7e67d2022-01-04 14:18:44.212root 11241100x80000000000000004277530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65405a98e5ebcc132022-01-04 14:18:44.212root 11241100x80000000000000004277531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cb241c613c349f2022-01-04 14:18:44.212root 11241100x80000000000000004277532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c284d4d366a69d2022-01-04 14:18:44.212root 11241100x80000000000000004277533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98554de13b7e4fef2022-01-04 14:18:44.212root 11241100x80000000000000004277534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2966193a9127d4c12022-01-04 14:18:44.213root 11241100x80000000000000004277535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d602d049b84a762022-01-04 14:18:44.213root 11241100x80000000000000004277536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403960487873fbc22022-01-04 14:18:44.213root 11241100x80000000000000004277537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35b1dbaf63233732022-01-04 14:18:44.710root 11241100x80000000000000004277538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5ad9aa37f6ed142022-01-04 14:18:44.710root 11241100x80000000000000004277539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dfd9d16aca26452022-01-04 14:18:44.710root 11241100x80000000000000004277540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bac71ae70e19362022-01-04 14:18:44.710root 11241100x80000000000000004277541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493f4a1fb118de9b2022-01-04 14:18:44.711root 11241100x80000000000000004277542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1a9cf1af8d69a82022-01-04 14:18:44.711root 11241100x80000000000000004277543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486bfa272b74c2b52022-01-04 14:18:44.711root 11241100x80000000000000004277544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aeb09193854a802022-01-04 14:18:44.711root 11241100x80000000000000004277545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97a50814caeb4dc2022-01-04 14:18:44.711root 11241100x80000000000000004277546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a251b233123b1b32022-01-04 14:18:44.711root 11241100x80000000000000004277547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bd1694b0232d2e2022-01-04 14:18:44.712root 11241100x80000000000000004277548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31451d9f9d49981e2022-01-04 14:18:44.712root 11241100x80000000000000004277549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da983d9969bd2a52022-01-04 14:18:44.712root 11241100x80000000000000004277550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7124812e59ed4d492022-01-04 14:18:44.712root 11241100x80000000000000004277551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12834427a412b2552022-01-04 14:18:44.712root 11241100x80000000000000004277552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48125149c400d9212022-01-04 14:18:44.712root 11241100x80000000000000004277553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad9df45caa0cb072022-01-04 14:18:44.712root 11241100x80000000000000004277554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35060aeca838e1d2022-01-04 14:18:44.713root 11241100x80000000000000004277555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495572182079c9d42022-01-04 14:18:44.713root 11241100x80000000000000004277556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50062e9f9b54e4c2022-01-04 14:18:44.713root 11241100x80000000000000004277557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e8834d46f32db72022-01-04 14:18:44.713root 11241100x80000000000000004277558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89d2c99c850e3572022-01-04 14:18:44.713root 11241100x80000000000000004277559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e8e020222333852022-01-04 14:18:44.713root 11241100x80000000000000004277560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae982d716e96db6a2022-01-04 14:18:44.714root 11241100x80000000000000004277561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db36b7430821d8012022-01-04 14:18:44.714root 11241100x80000000000000004277562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061b9700077e626c2022-01-04 14:18:44.715root 11241100x80000000000000004277563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0791b3010e38612022-01-04 14:18:44.715root 11241100x80000000000000004277564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2510234dd63b65122022-01-04 14:18:45.210root 11241100x80000000000000004277565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a3f0e5fac12b722022-01-04 14:18:45.210root 11241100x80000000000000004277566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd25a601d4524a2a2022-01-04 14:18:45.210root 11241100x80000000000000004277567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0351596f29d3aa42022-01-04 14:18:45.210root 11241100x80000000000000004277568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b4b36a826a1fd82022-01-04 14:18:45.210root 11241100x80000000000000004277569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369dce47470ee2cd2022-01-04 14:18:45.210root 11241100x80000000000000004277570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51ebfa035873e232022-01-04 14:18:45.210root 11241100x80000000000000004277571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3abc060abd3d6112022-01-04 14:18:45.210root 11241100x80000000000000004277572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229c1d1fc48761072022-01-04 14:18:45.210root 11241100x80000000000000004277573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691c6bd6bc48a2192022-01-04 14:18:45.211root 11241100x80000000000000004277574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c057278111e129e2022-01-04 14:18:45.211root 11241100x80000000000000004277575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3751235a58e9807c2022-01-04 14:18:45.211root 11241100x80000000000000004277576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3440f48bb18f6742022-01-04 14:18:45.211root 11241100x80000000000000004277577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534491adad94ee142022-01-04 14:18:45.211root 11241100x80000000000000004277578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faebcb36a3225bdd2022-01-04 14:18:45.211root 11241100x80000000000000004277579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a79040df016bf2022-01-04 14:18:45.211root 11241100x80000000000000004277580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c233adc00139d12022-01-04 14:18:45.211root 11241100x80000000000000004277581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dcb9fcbba121212022-01-04 14:18:45.211root 11241100x80000000000000004277582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366f94992ae2d1ab2022-01-04 14:18:45.211root 11241100x80000000000000004277583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d48f37920566512022-01-04 14:18:45.211root 11241100x80000000000000004277584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa50424f186e77e2022-01-04 14:18:45.211root 11241100x80000000000000004277585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525682c90029df1f2022-01-04 14:18:45.211root 11241100x80000000000000004277586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fe19e0112e9bf32022-01-04 14:18:45.211root 11241100x80000000000000004277587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66ab99b63721f482022-01-04 14:18:45.212root 11241100x80000000000000004277588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3179019ac600552022-01-04 14:18:45.212root 11241100x80000000000000004277589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaca40941f6e5dfa2022-01-04 14:18:45.212root 11241100x80000000000000004277590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33ff17eeafc6eb12022-01-04 14:18:45.212root 11241100x80000000000000004277591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a007a89399dfaac2022-01-04 14:18:45.709root 11241100x80000000000000004277592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da90ca377ac3072a2022-01-04 14:18:45.710root 11241100x80000000000000004277593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794059804d8258712022-01-04 14:18:45.710root 11241100x80000000000000004277594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd109108f8adfa62022-01-04 14:18:45.710root 11241100x80000000000000004277595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fc72cabc3651e92022-01-04 14:18:45.710root 11241100x80000000000000004277596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bd7d1c04828f562022-01-04 14:18:45.710root 11241100x80000000000000004277597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c972eaeb5e43162022-01-04 14:18:45.710root 11241100x80000000000000004277598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca042fd4ccab33ab2022-01-04 14:18:45.710root 11241100x80000000000000004277599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d3afb6fbee01952022-01-04 14:18:45.710root 11241100x80000000000000004277600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1d6509e46acc862022-01-04 14:18:45.710root 11241100x80000000000000004277601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6398114404333a382022-01-04 14:18:45.710root 11241100x80000000000000004277602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a553156a8c0f2e5e2022-01-04 14:18:45.710root 11241100x80000000000000004277603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d021a2f22263d22022-01-04 14:18:45.710root 11241100x80000000000000004277604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ed8d5eb1845fc02022-01-04 14:18:45.711root 11241100x80000000000000004277605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0fff301110f0602022-01-04 14:18:45.711root 11241100x80000000000000004277606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a239945c502517772022-01-04 14:18:45.711root 11241100x80000000000000004277607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4660479d93e5c4df2022-01-04 14:18:45.711root 11241100x80000000000000004277608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600a150b769fe5822022-01-04 14:18:45.711root 11241100x80000000000000004277609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfb9d29158ec7fc2022-01-04 14:18:45.711root 11241100x80000000000000004277610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e74c02e2e3995942022-01-04 14:18:45.711root 11241100x80000000000000004277611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b8c7d34b72c3042022-01-04 14:18:45.711root 11241100x80000000000000004277612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc75b30b8b13cd32022-01-04 14:18:45.711root 11241100x80000000000000004277613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6a4e3c66eb5d3a2022-01-04 14:18:45.711root 11241100x80000000000000004277614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14a2921288ae5c22022-01-04 14:18:45.711root 11241100x80000000000000004277615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0036c2ab86ae1f2022-01-04 14:18:45.711root 11241100x80000000000000004277616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1739dd629a0444e2022-01-04 14:18:45.711root 11241100x80000000000000004277617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77b96a721bd74de2022-01-04 14:18:45.711root 11241100x80000000000000004277618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fb6d9a0d794b982022-01-04 14:18:45.712root 11241100x80000000000000004277619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e2e47032d25de92022-01-04 14:18:46.209root 11241100x80000000000000004277620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43db30d115a42d822022-01-04 14:18:46.210root 11241100x80000000000000004277621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bff017301197eef2022-01-04 14:18:46.210root 11241100x80000000000000004277622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dcc9419dbd40402022-01-04 14:18:46.210root 11241100x80000000000000004277623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b676171340013392022-01-04 14:18:46.210root 11241100x80000000000000004277624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0655acd69e9b3ce42022-01-04 14:18:46.210root 11241100x80000000000000004277625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f92a7988e67c0922022-01-04 14:18:46.210root 11241100x80000000000000004277626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e36b35cac58d4b22022-01-04 14:18:46.210root 11241100x80000000000000004277627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acb1b07ce237a9a2022-01-04 14:18:46.210root 11241100x80000000000000004277628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77052998aa7616b12022-01-04 14:18:46.210root 11241100x80000000000000004277629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8cff4cecf41f5f2022-01-04 14:18:46.211root 11241100x80000000000000004277630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be1005ff6b9f8ee2022-01-04 14:18:46.211root 11241100x80000000000000004277631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22299f964ef562fd2022-01-04 14:18:46.211root 11241100x80000000000000004277632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea956dd06ce70e0e2022-01-04 14:18:46.211root 11241100x80000000000000004277633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8302a94567c7771c2022-01-04 14:18:46.211root 11241100x80000000000000004277634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480f2c480d00eaa02022-01-04 14:18:46.211root 11241100x80000000000000004277635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece44d76a22a7c292022-01-04 14:18:46.211root 11241100x80000000000000004277636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51125e4b82a33d452022-01-04 14:18:46.211root 11241100x80000000000000004277637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac2275754ec91242022-01-04 14:18:46.211root 11241100x80000000000000004277638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac2f4f9f2933992022-01-04 14:18:46.211root 11241100x80000000000000004277639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df91a768b08df7bf2022-01-04 14:18:46.212root 11241100x80000000000000004277640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5372e6f677d1262022-01-04 14:18:46.212root 11241100x80000000000000004277641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6ff22fe6a603f32022-01-04 14:18:46.212root 11241100x80000000000000004277642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc05a7f91e5ec082022-01-04 14:18:46.212root 11241100x80000000000000004277643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02164d71452f73072022-01-04 14:18:46.212root 11241100x80000000000000004277644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d37d79fc3f8fb92022-01-04 14:18:46.212root 11241100x80000000000000004277645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a1a6377d89424e2022-01-04 14:18:46.212root 11241100x80000000000000004277646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f69304f1ceb476b2022-01-04 14:18:46.710root 11241100x80000000000000004277647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaff636f189ed93f2022-01-04 14:18:46.710root 11241100x80000000000000004277648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9232a420f50e52472022-01-04 14:18:46.710root 11241100x80000000000000004277649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e830b3c435ff01f02022-01-04 14:18:46.710root 11241100x80000000000000004277650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ab98f8e28ecb062022-01-04 14:18:46.710root 11241100x80000000000000004277651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dbbccd31bcca1b2022-01-04 14:18:46.710root 11241100x80000000000000004277652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca7e7efcf03ff8f2022-01-04 14:18:46.710root 11241100x80000000000000004277653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209d66c276c361c52022-01-04 14:18:46.711root 11241100x80000000000000004277654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62ee4c42ca7f5e52022-01-04 14:18:46.711root 11241100x80000000000000004277655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814fdcd12a9c6a82022-01-04 14:18:46.711root 11241100x80000000000000004277656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807ed90360ede3062022-01-04 14:18:46.711root 11241100x80000000000000004277657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc2ade0beb25f92022-01-04 14:18:46.711root 11241100x80000000000000004277658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96a1e135d6cc09e2022-01-04 14:18:46.711root 11241100x80000000000000004277659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d431b00a2b4f4f862022-01-04 14:18:46.711root 11241100x80000000000000004277660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1625d4457615966b2022-01-04 14:18:46.711root 11241100x80000000000000004277661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46be39500c8df0dd2022-01-04 14:18:46.711root 11241100x80000000000000004277662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb764835ec65ce5d2022-01-04 14:18:46.711root 11241100x80000000000000004277663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1c9b6aa1272c762022-01-04 14:18:46.711root 11241100x80000000000000004277664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5d23ca421a776a2022-01-04 14:18:46.711root 11241100x80000000000000004277665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f75786f1904d242022-01-04 14:18:46.712root 11241100x80000000000000004277666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb1daa91976fe42022-01-04 14:18:46.712root 11241100x80000000000000004277667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7d44970748cb6b2022-01-04 14:18:46.712root 11241100x80000000000000004277668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e182b6259889b0b2022-01-04 14:18:46.712root 11241100x80000000000000004277669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44f32db96c390502022-01-04 14:18:46.712root 11241100x80000000000000004277670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c98a4cdd45ec622022-01-04 14:18:46.712root 11241100x80000000000000004277671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1d14379d92bb052022-01-04 14:18:46.712root 11241100x80000000000000004277672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f11dcfdc7bb3852022-01-04 14:18:46.712root 354300x80000000000000004277673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.111{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41510-false10.0.1.12-8000- 11241100x80000000000000004277674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c462eed1443367fd2022-01-04 14:18:47.112root 11241100x80000000000000004277675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8816f4ec609fbbe42022-01-04 14:18:47.112root 11241100x80000000000000004277676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55deb8d78c1093a02022-01-04 14:18:47.112root 11241100x80000000000000004277677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d53fd83630c20672022-01-04 14:18:47.112root 11241100x80000000000000004277678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3b6429b31304572022-01-04 14:18:47.112root 11241100x80000000000000004277679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5b0fb11f752f702022-01-04 14:18:47.112root 11241100x80000000000000004277680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d561b3d1231b9bc72022-01-04 14:18:47.113root 11241100x80000000000000004277681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ee2dca2c79ee332022-01-04 14:18:47.113root 11241100x80000000000000004277682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734ceddb7bcd079f2022-01-04 14:18:47.113root 11241100x80000000000000004277683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242c0c5972a78a3c2022-01-04 14:18:47.113root 11241100x80000000000000004277684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f7d9621ceb7ffb2022-01-04 14:18:47.113root 11241100x80000000000000004277685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f89f517f4669122022-01-04 14:18:47.113root 11241100x80000000000000004277686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b5b3e4fb5e7e232022-01-04 14:18:47.113root 11241100x80000000000000004277687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc68aa9b126b00c52022-01-04 14:18:47.114root 11241100x80000000000000004277688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca98c0029cb6cf82022-01-04 14:18:47.114root 11241100x80000000000000004277689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b983887da6c10d7d2022-01-04 14:18:47.114root 11241100x80000000000000004277690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b92dc0dda5fd8b2022-01-04 14:18:47.114root 11241100x80000000000000004277691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953a961d695a1e542022-01-04 14:18:47.114root 11241100x80000000000000004277692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dd34898543b3d72022-01-04 14:18:47.114root 11241100x80000000000000004277693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e7658d74587912022-01-04 14:18:47.114root 11241100x80000000000000004277694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd0b222c51c0dd22022-01-04 14:18:47.114root 11241100x80000000000000004277695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2efce840406f4b2022-01-04 14:18:47.114root 11241100x80000000000000004277696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d5c719fc3e13852022-01-04 14:18:47.115root 11241100x80000000000000004277697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1f1792101f26d52022-01-04 14:18:47.115root 11241100x80000000000000004277698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3797b04df8b5de052022-01-04 14:18:47.115root 11241100x80000000000000004277699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa76c187c6d196f2022-01-04 14:18:47.115root 11241100x80000000000000004277700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bfabddce7919412022-01-04 14:18:47.115root 11241100x80000000000000004277701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0147ce0d677fe32022-01-04 14:18:47.115root 11241100x80000000000000004277702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00db70d40c0807572022-01-04 14:18:47.115root 11241100x80000000000000004277703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc0871be299c4d2022-01-04 14:18:47.115root 11241100x80000000000000004277704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fac3ccbb284711c2022-01-04 14:18:47.116root 11241100x80000000000000004277705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecafc4e8f771e7f2022-01-04 14:18:47.116root 11241100x80000000000000004277706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512170162ff784fe2022-01-04 14:18:47.116root 11241100x80000000000000004277707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d6cbf7ac62d23f2022-01-04 14:18:47.116root 11241100x80000000000000004277708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e67b07e17d6a2f2022-01-04 14:18:47.459root 11241100x80000000000000004277709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f45b8d996c567282022-01-04 14:18:47.459root 11241100x80000000000000004277710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de1b4f54e51ca592022-01-04 14:18:47.460root 11241100x80000000000000004277711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c7f856a00d92132022-01-04 14:18:47.460root 11241100x80000000000000004277712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb675bf4ebd7e772022-01-04 14:18:47.460root 11241100x80000000000000004277713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8873a01fa7182d6a2022-01-04 14:18:47.460root 11241100x80000000000000004277714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d9c86b7b4ec3692022-01-04 14:18:47.460root 11241100x80000000000000004277715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c982d881e5a86b9f2022-01-04 14:18:47.461root 11241100x80000000000000004277716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2349b7c953ec272022-01-04 14:18:47.461root 11241100x80000000000000004277717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3786b760c83416c2022-01-04 14:18:47.461root 11241100x80000000000000004277718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5209ce2261b37252022-01-04 14:18:47.461root 11241100x80000000000000004277719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482c97d30ca498df2022-01-04 14:18:47.461root 11241100x80000000000000004277720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7323f25db77dd50a2022-01-04 14:18:47.462root 11241100x80000000000000004277721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a310f23e524d5a2022-01-04 14:18:47.462root 11241100x80000000000000004277722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567f6e1e9ad30c162022-01-04 14:18:47.462root 11241100x80000000000000004277723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f8143e1a15d8032022-01-04 14:18:47.462root 11241100x80000000000000004277724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99059997df6632f32022-01-04 14:18:47.462root 11241100x80000000000000004277725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fef51c176c31752022-01-04 14:18:47.462root 11241100x80000000000000004277726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fcd3a1bae503722022-01-04 14:18:47.463root 11241100x80000000000000004277727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c24a144d5eb9972022-01-04 14:18:47.463root 11241100x80000000000000004277728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe40f3662c377982022-01-04 14:18:47.463root 11241100x80000000000000004277729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809f7bb8065545e72022-01-04 14:18:47.463root 11241100x80000000000000004277730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5998b08b0ceca92022-01-04 14:18:47.463root 11241100x80000000000000004277731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c17c6d7829aec62022-01-04 14:18:47.463root 11241100x80000000000000004277732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b243f345cc7e9152022-01-04 14:18:47.463root 11241100x80000000000000004277733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5137f78c6d01622022-01-04 14:18:47.464root 11241100x80000000000000004277734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a83f569498d61f2022-01-04 14:18:47.464root 11241100x80000000000000004277735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c986156f825622022-01-04 14:18:47.464root 11241100x80000000000000004277736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5e8d03c3db71f2022-01-04 14:18:47.464root 11241100x80000000000000004277737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2be885bda7ba632022-01-04 14:18:47.464root 11241100x80000000000000004277738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3aaf360d431b2bd2022-01-04 14:18:47.464root 11241100x80000000000000004277739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7be01bcbb2dddc42022-01-04 14:18:47.464root 11241100x80000000000000004277740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2ef0ba2c5ccb7b2022-01-04 14:18:47.959root 11241100x80000000000000004277741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c76353ea4bc072c2022-01-04 14:18:47.959root 11241100x80000000000000004277742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb15fb369f12e42022-01-04 14:18:47.960root 11241100x80000000000000004277743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f007681907222b2022-01-04 14:18:47.960root 11241100x80000000000000004277744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104dbd36cbcb20e92022-01-04 14:18:47.960root 11241100x80000000000000004277745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db76a9651a90fab72022-01-04 14:18:47.960root 11241100x80000000000000004277746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b968aed54d77ff2022-01-04 14:18:47.961root 11241100x80000000000000004277747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ada3706c3bc39e2022-01-04 14:18:47.961root 11241100x80000000000000004277748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1acfc7b2bd6bbe12022-01-04 14:18:47.961root 11241100x80000000000000004277749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2356cc94ddb12e72022-01-04 14:18:47.961root 11241100x80000000000000004277750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d58f0b24f55d922022-01-04 14:18:47.961root 11241100x80000000000000004277751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9225c2375c17922022-01-04 14:18:47.961root 11241100x80000000000000004277752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d23e215fc93de2022-01-04 14:18:47.961root 11241100x80000000000000004277753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60085fd91c22f5f52022-01-04 14:18:47.961root 11241100x80000000000000004277754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e823230f5f5aaca62022-01-04 14:18:47.962root 11241100x80000000000000004277755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ba842b2ec06e202022-01-04 14:18:47.962root 11241100x80000000000000004277756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235e6d318b2e21512022-01-04 14:18:47.962root 11241100x80000000000000004277757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103efee281701be22022-01-04 14:18:47.962root 11241100x80000000000000004277758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8932e029e4d1762022-01-04 14:18:47.962root 11241100x80000000000000004277759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3206ece7f01bdf332022-01-04 14:18:47.962root 11241100x80000000000000004277760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec9488a0a8db4b42022-01-04 14:18:47.963root 11241100x80000000000000004277761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b0f5ed82a362042022-01-04 14:18:47.963root 11241100x80000000000000004277762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d922adebbc5726bd2022-01-04 14:18:47.963root 11241100x80000000000000004277763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd5d6afcf437b9e2022-01-04 14:18:47.963root 11241100x80000000000000004277764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143ddc8c5c8db99d2022-01-04 14:18:47.963root 11241100x80000000000000004277765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a3bb68dc259322022-01-04 14:18:47.963root 11241100x80000000000000004277766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a200714b203da80c2022-01-04 14:18:47.964root 11241100x80000000000000004277767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96925f8799eddda22022-01-04 14:18:47.964root 11241100x80000000000000004277768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44616e22bbab06b22022-01-04 14:18:47.964root 11241100x80000000000000004277769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2e833e3ec7bffe2022-01-04 14:18:48.459root 11241100x80000000000000004277770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b747d13251da192022-01-04 14:18:48.460root 11241100x80000000000000004277771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8ecd83738afcff2022-01-04 14:18:48.460root 11241100x80000000000000004277772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711a9b7b58fd88622022-01-04 14:18:48.460root 11241100x80000000000000004277773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a4ee6d299fe0a02022-01-04 14:18:48.460root 11241100x80000000000000004277774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56887219f3ebe2432022-01-04 14:18:48.461root 11241100x80000000000000004277775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a853a0396d274c32022-01-04 14:18:48.461root 11241100x80000000000000004277776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b4c4d5d090590a2022-01-04 14:18:48.461root 11241100x80000000000000004277777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a38eaaf0d7ecff2022-01-04 14:18:48.461root 11241100x80000000000000004277778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5db9aa82549e6c2022-01-04 14:18:48.461root 11241100x80000000000000004277779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e937c4417f2b2bb2022-01-04 14:18:48.461root 11241100x80000000000000004277780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c953575bc4b84742022-01-04 14:18:48.461root 11241100x80000000000000004277781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c03beca173ec362022-01-04 14:18:48.461root 11241100x80000000000000004277782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9c23c7f62554492022-01-04 14:18:48.461root 11241100x80000000000000004277783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f058a11127c5c62022-01-04 14:18:48.461root 11241100x80000000000000004277784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4526c2c231d8d9722022-01-04 14:18:48.461root 11241100x80000000000000004277785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d344e34a36d72a4e2022-01-04 14:18:48.461root 11241100x80000000000000004277786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80b014794c995832022-01-04 14:18:48.461root 11241100x80000000000000004277787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a096a627c44b392022-01-04 14:18:48.462root 11241100x80000000000000004277788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e367f5f4263942022-01-04 14:18:48.462root 11241100x80000000000000004277789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900855004efd491a2022-01-04 14:18:48.462root 11241100x80000000000000004277790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f420fc0dd65a8bf2022-01-04 14:18:48.462root 11241100x80000000000000004277791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09925c7adf5a1af2022-01-04 14:18:48.462root 11241100x80000000000000004277792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189140ff241c846a2022-01-04 14:18:48.462root 11241100x80000000000000004277793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f445286d3c4275182022-01-04 14:18:48.462root 11241100x80000000000000004277794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4da553bce296e022022-01-04 14:18:48.462root 11241100x80000000000000004277795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d9c55f30921a882022-01-04 14:18:48.462root 11241100x80000000000000004277796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71137634bf125462022-01-04 14:18:48.462root 11241100x80000000000000004277797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2883d5ecd6870f2022-01-04 14:18:48.462root 11241100x80000000000000004277798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d467120aae70882022-01-04 14:18:48.462root 11241100x80000000000000004277799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df49b5f6f0af10a2022-01-04 14:18:48.960root 11241100x80000000000000004277800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdf12a1129c6f112022-01-04 14:18:48.960root 11241100x80000000000000004277801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25b28a7a1fdb3d2022-01-04 14:18:48.960root 11241100x80000000000000004277802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9678e5610537db7a2022-01-04 14:18:48.960root 11241100x80000000000000004277803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d8c10f9af796fd2022-01-04 14:18:48.960root 11241100x80000000000000004277804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e2b619aaeba3152022-01-04 14:18:48.960root 11241100x80000000000000004277805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ee7611d466366e2022-01-04 14:18:48.960root 11241100x80000000000000004277806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5f7e3f47d484c2022-01-04 14:18:48.961root 11241100x80000000000000004277807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae80dd593c8361bc2022-01-04 14:18:48.961root 11241100x80000000000000004277808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd91d620a6a0672b2022-01-04 14:18:48.961root 11241100x80000000000000004277809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445cfa4c8dfe22b32022-01-04 14:18:48.961root 11241100x80000000000000004277810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a736ed073e987c82022-01-04 14:18:48.961root 11241100x80000000000000004277811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f72cf4e307c6272022-01-04 14:18:48.961root 11241100x80000000000000004277812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9df35eef48f8fd2022-01-04 14:18:48.961root 11241100x80000000000000004277813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab2583260785f762022-01-04 14:18:48.961root 11241100x80000000000000004277814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4ee72145e9c7652022-01-04 14:18:48.961root 11241100x80000000000000004277815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ed9d89fdef96e2022-01-04 14:18:48.961root 11241100x80000000000000004277816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ac346a1862bb002022-01-04 14:18:48.961root 11241100x80000000000000004277817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99c825f6f887e892022-01-04 14:18:48.961root 11241100x80000000000000004277818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab1c438c39db2ee2022-01-04 14:18:48.961root 11241100x80000000000000004277819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d14cd2543a87352022-01-04 14:18:48.961root 11241100x80000000000000004277820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e038a89e1aacb8a22022-01-04 14:18:48.961root 11241100x80000000000000004277821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ebf026b2ced0472022-01-04 14:18:48.962root 11241100x80000000000000004277822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a537cc198a28c522022-01-04 14:18:48.962root 11241100x80000000000000004277823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d33de7b50d8f4cd2022-01-04 14:18:48.962root 11241100x80000000000000004277824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f349117af1f5722022-01-04 14:18:48.962root 11241100x80000000000000004277825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9296d1272dbf856a2022-01-04 14:18:48.962root 11241100x80000000000000004277826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bff850ccaea13a2022-01-04 14:18:48.962root 11241100x80000000000000004277827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3bf80c3f6365be2022-01-04 14:18:49.459root 11241100x80000000000000004277828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3d144371bbd5942022-01-04 14:18:49.459root 11241100x80000000000000004277829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f97986a090dce32022-01-04 14:18:49.459root 11241100x80000000000000004277830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c86e315980b6b32022-01-04 14:18:49.459root 11241100x80000000000000004277831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95fc8a4094217ae2022-01-04 14:18:49.460root 11241100x80000000000000004277832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c37d470c3cb5ee2022-01-04 14:18:49.460root 11241100x80000000000000004277833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9982cb22fc483f0a2022-01-04 14:18:49.460root 11241100x80000000000000004277834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9668a52164156a8b2022-01-04 14:18:49.460root 11241100x80000000000000004277835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b96af72ffb65252022-01-04 14:18:49.460root 11241100x80000000000000004277836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e70d3f8d5b8f9d2022-01-04 14:18:49.460root 11241100x80000000000000004277837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4281e93bbb1e2a9e2022-01-04 14:18:49.460root 11241100x80000000000000004277838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ec925dc8208ce22022-01-04 14:18:49.460root 11241100x80000000000000004277839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608619fa633417eb2022-01-04 14:18:49.460root 11241100x80000000000000004277840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a2fa60ebd1df372022-01-04 14:18:49.460root 11241100x80000000000000004277841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3531174c946213c32022-01-04 14:18:49.461root 11241100x80000000000000004277842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ab44ac2b58a90b2022-01-04 14:18:49.461root 11241100x80000000000000004277843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17540e9ef76a96e2022-01-04 14:18:49.461root 11241100x80000000000000004277844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b234e82d97c89f2022-01-04 14:18:49.461root 11241100x80000000000000004277845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9548335f7fb076922022-01-04 14:18:49.461root 11241100x80000000000000004277846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed94107066cdfe92022-01-04 14:18:49.461root 11241100x80000000000000004277847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75e0151faff01432022-01-04 14:18:49.461root 11241100x80000000000000004277848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b2008b3a172c912022-01-04 14:18:49.461root 11241100x80000000000000004277849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0456292ce099d02022-01-04 14:18:49.461root 11241100x80000000000000004277850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a7a5d7c070a0bb2022-01-04 14:18:49.461root 11241100x80000000000000004277851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b072fdb19a3b0f2022-01-04 14:18:49.462root 11241100x80000000000000004277852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c612a8582240182022-01-04 14:18:49.462root 11241100x80000000000000004277853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb92d12a631c62912022-01-04 14:18:49.462root 11241100x80000000000000004277854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1914d1df77943422022-01-04 14:18:49.462root 11241100x80000000000000004277855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a200abcfff0101652022-01-04 14:18:49.462root 11241100x80000000000000004277856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4680cb87e08d502022-01-04 14:18:49.462root 11241100x80000000000000004277857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7966e016d2278c2022-01-04 14:18:49.959root 11241100x80000000000000004277858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ef7b61c5f560ce2022-01-04 14:18:49.959root 11241100x80000000000000004277859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdcad81746eabcc2022-01-04 14:18:49.959root 11241100x80000000000000004277860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a3b39cfe2261d72022-01-04 14:18:49.959root 11241100x80000000000000004277861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652d1491946f19c42022-01-04 14:18:49.959root 11241100x80000000000000004277862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea720baa2fa8dd912022-01-04 14:18:49.960root 11241100x80000000000000004277863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7689dd2b8fb2932022-01-04 14:18:49.960root 11241100x80000000000000004277864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb9204947a89c4a2022-01-04 14:18:49.960root 11241100x80000000000000004277865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8d5048eadf6ace2022-01-04 14:18:49.960root 11241100x80000000000000004277866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c428ce2b95926932022-01-04 14:18:49.960root 11241100x80000000000000004277867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f64d12664aea802022-01-04 14:18:49.960root 11241100x80000000000000004277868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e984e62bbf4129a42022-01-04 14:18:49.960root 11241100x80000000000000004277869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a7850660102b772022-01-04 14:18:49.960root 11241100x80000000000000004277870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d0278e44104d672022-01-04 14:18:49.960root 11241100x80000000000000004277871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a0212fc0b7ad3a2022-01-04 14:18:49.961root 11241100x80000000000000004277872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c341990957deaf9c2022-01-04 14:18:49.961root 11241100x80000000000000004277873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c908984875f7f9612022-01-04 14:18:49.961root 11241100x80000000000000004277874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a9df53860af2762022-01-04 14:18:49.961root 11241100x80000000000000004277875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c029b49c9e325aaf2022-01-04 14:18:49.961root 11241100x80000000000000004277876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3d0f76919414362022-01-04 14:18:49.961root 11241100x80000000000000004277877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6ebf6ed8f597862022-01-04 14:18:49.961root 11241100x80000000000000004277878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd80bfba04640f2022-01-04 14:18:49.961root 11241100x80000000000000004277879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50df8c9cd237d042022-01-04 14:18:49.961root 11241100x80000000000000004277880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad699505fa0b7132022-01-04 14:18:49.961root 11241100x80000000000000004277881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e10ed7b842a35b2022-01-04 14:18:49.962root 11241100x80000000000000004277882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363404da5b0bc5052022-01-04 14:18:49.962root 11241100x80000000000000004277883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895f7bedf2fadca62022-01-04 14:18:49.962root 11241100x80000000000000004277884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5775477718c2eb6e2022-01-04 14:18:49.962root 11241100x80000000000000004277885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d8fc8da249184a2022-01-04 14:18:49.962root 11241100x80000000000000004277886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea67453c7db8de72022-01-04 14:18:49.962root 11241100x80000000000000004277887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7382542c401d95cc2022-01-04 14:18:49.962root 11241100x80000000000000004277888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a24611abee0bff2022-01-04 14:18:49.962root 11241100x80000000000000004277889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfbae1eea39dd572022-01-04 14:18:49.962root 11241100x80000000000000004277890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb0de72bac1fe602022-01-04 14:18:49.963root 11241100x80000000000000004277891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735926cca37132c02022-01-04 14:18:50.459root 11241100x80000000000000004277892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ecdff7b5a830a72022-01-04 14:18:50.460root 11241100x80000000000000004277893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1229ee27e6a80dc52022-01-04 14:18:50.460root 11241100x80000000000000004277894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad25e6f00a55ad9e2022-01-04 14:18:50.460root 11241100x80000000000000004277895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad546881870a252022-01-04 14:18:50.460root 11241100x80000000000000004277896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8629cedfaee7ce2022-01-04 14:18:50.460root 11241100x80000000000000004277897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1da426d903a0be52022-01-04 14:18:50.460root 11241100x80000000000000004277898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc0e4eb37dbddd02022-01-04 14:18:50.460root 11241100x80000000000000004277899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fbf4c3849009252022-01-04 14:18:50.460root 11241100x80000000000000004277900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f820cccd79c3e1992022-01-04 14:18:50.461root 11241100x80000000000000004277901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6c6785d14bb6cd2022-01-04 14:18:50.461root 11241100x80000000000000004277902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c7f45fa89e12832022-01-04 14:18:50.461root 11241100x80000000000000004277903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5455c0abe9a3512022-01-04 14:18:50.461root 11241100x80000000000000004277904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2ea622e18b8f032022-01-04 14:18:50.461root 11241100x80000000000000004277905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71be47717cf59542022-01-04 14:18:50.461root 11241100x80000000000000004277906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1c4c30f5e362d42022-01-04 14:18:50.461root 11241100x80000000000000004277907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ccbbcadd8be2582022-01-04 14:18:50.462root 11241100x80000000000000004277908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e2c2bd8c428c3a2022-01-04 14:18:50.462root 11241100x80000000000000004277909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91ac4fd40b97e702022-01-04 14:18:50.462root 11241100x80000000000000004277910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0859e967c3de6d2022-01-04 14:18:50.462root 11241100x80000000000000004277911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25e902ba33c87672022-01-04 14:18:50.462root 11241100x80000000000000004277912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80e604869970c532022-01-04 14:18:50.462root 11241100x80000000000000004277913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a4387308b270312022-01-04 14:18:50.462root 11241100x80000000000000004277914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e51df2abc0bd53e2022-01-04 14:18:50.462root 11241100x80000000000000004277915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddb9c5b68b9af652022-01-04 14:18:50.462root 11241100x80000000000000004277916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f627cfecabf431ea2022-01-04 14:18:50.462root 11241100x80000000000000004277917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f541f25b3b6d0312022-01-04 14:18:50.462root 11241100x80000000000000004277918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d9a6d30ea433da2022-01-04 14:18:50.462root 11241100x80000000000000004277919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f9627af1fdcf472022-01-04 14:18:50.463root 11241100x80000000000000004277920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12336514c778600f2022-01-04 14:18:50.959root 11241100x80000000000000004277921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795c09c57c7ca8f62022-01-04 14:18:50.960root 11241100x80000000000000004277922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f8c931060558ee2022-01-04 14:18:50.960root 11241100x80000000000000004277923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6b10a00d6ae3142022-01-04 14:18:50.960root 11241100x80000000000000004277924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b68984ef08c5872022-01-04 14:18:50.960root 11241100x80000000000000004277925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4e182ce90fc1b72022-01-04 14:18:50.960root 11241100x80000000000000004277926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b6dcd8ece461fc2022-01-04 14:18:50.960root 11241100x80000000000000004277927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95df78525dc7c9072022-01-04 14:18:50.960root 11241100x80000000000000004277928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea77de4f7b0eed1d2022-01-04 14:18:50.960root 11241100x80000000000000004277929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db59f449e9fc542e2022-01-04 14:18:50.960root 11241100x80000000000000004277930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55008bce1d8382152022-01-04 14:18:50.960root 11241100x80000000000000004277931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03622eadc5538ee42022-01-04 14:18:50.961root 11241100x80000000000000004277932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8161c513a51d211a2022-01-04 14:18:50.961root 11241100x80000000000000004277933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01dc4855d738de62022-01-04 14:18:50.961root 11241100x80000000000000004277934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b4e70c6c91132f2022-01-04 14:18:50.961root 11241100x80000000000000004277935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30407c8afde53f02022-01-04 14:18:50.961root 11241100x80000000000000004277936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bccf92b9c6d0b962022-01-04 14:18:50.961root 11241100x80000000000000004277937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab7a27b3714fad52022-01-04 14:18:50.961root 11241100x80000000000000004277938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb32cf5a7756b992022-01-04 14:18:50.961root 11241100x80000000000000004277939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fba44180ff4974a2022-01-04 14:18:50.961root 11241100x80000000000000004277940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6072090b70fb142022-01-04 14:18:50.961root 11241100x80000000000000004277941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b36e0f782bd5f1a2022-01-04 14:18:50.961root 11241100x80000000000000004277942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80803154006c401d2022-01-04 14:18:50.961root 11241100x80000000000000004277943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac998fbe8895c42022-01-04 14:18:50.962root 11241100x80000000000000004277944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ad667e597dc2802022-01-04 14:18:50.962root 11241100x80000000000000004277945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef0abcf4b55963b2022-01-04 14:18:50.962root 11241100x80000000000000004277946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75479be42db8e3d22022-01-04 14:18:50.962root 11241100x80000000000000004277947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae3ad28dbb9f1472022-01-04 14:18:50.962root 11241100x80000000000000004277948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0bb01711a60ee82022-01-04 14:18:50.962root 11241100x80000000000000004277949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eba0a45c947ef3f2022-01-04 14:18:51.459root 11241100x80000000000000004277950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f05ef62323bd3df2022-01-04 14:18:51.459root 11241100x80000000000000004277951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13162f47dd02789b2022-01-04 14:18:51.459root 11241100x80000000000000004277952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b468e5e7525e392022-01-04 14:18:51.459root 11241100x80000000000000004277953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edca53278658c5c2022-01-04 14:18:51.459root 11241100x80000000000000004277954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbdd3de4850973e2022-01-04 14:18:51.459root 11241100x80000000000000004277955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37011357f510f8ea2022-01-04 14:18:51.460root 11241100x80000000000000004277956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846d2210d615d01d2022-01-04 14:18:51.460root 11241100x80000000000000004277957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6090f9aebae62b2022-01-04 14:18:51.460root 11241100x80000000000000004277958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9052c1d27d221552022-01-04 14:18:51.460root 11241100x80000000000000004277959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9b844427912ed02022-01-04 14:18:51.460root 11241100x80000000000000004277960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601b2937d09d78e52022-01-04 14:18:51.460root 11241100x80000000000000004277961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b78096be75933452022-01-04 14:18:51.460root 11241100x80000000000000004277962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae6e9582826b5ba2022-01-04 14:18:51.460root 11241100x80000000000000004277963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f81eeba85ca2e2c2022-01-04 14:18:51.460root 11241100x80000000000000004277964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe06e908a5131842022-01-04 14:18:51.460root 11241100x80000000000000004277965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee474859f35517422022-01-04 14:18:51.460root 11241100x80000000000000004277966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84eb5fc01803b1c2022-01-04 14:18:51.460root 11241100x80000000000000004277967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d60ecf180959332022-01-04 14:18:51.461root 11241100x80000000000000004277968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e364a5c4c83bfef32022-01-04 14:18:51.461root 11241100x80000000000000004277969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06188435fbfef8b22022-01-04 14:18:51.461root 11241100x80000000000000004277970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ac5951a65b5cc82022-01-04 14:18:51.461root 11241100x80000000000000004277971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5222ac3fa416e9352022-01-04 14:18:51.461root 11241100x80000000000000004277972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa891f1456efd98d2022-01-04 14:18:51.461root 11241100x80000000000000004277973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c93ae3e1f79bb552022-01-04 14:18:51.461root 11241100x80000000000000004277974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfe063b89c390752022-01-04 14:18:51.461root 11241100x80000000000000004277975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7703c25707bf00e82022-01-04 14:18:51.461root 11241100x80000000000000004277976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce48556404ed0ed32022-01-04 14:18:51.461root 11241100x80000000000000004277977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7292c36b9343baa52022-01-04 14:18:51.461root 11241100x80000000000000004277978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29fe035ac8ec89c2022-01-04 14:18:51.461root 11241100x80000000000000004277979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7e5563356eeb532022-01-04 14:18:51.461root 11241100x80000000000000004277980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c88daed3d4a60f2022-01-04 14:18:51.462root 11241100x80000000000000004277981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63143f26d2b59f092022-01-04 14:18:51.462root 11241100x80000000000000004277982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23429991ffecb13b2022-01-04 14:18:51.960root 11241100x80000000000000004277983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817bad26ec0462952022-01-04 14:18:51.960root 11241100x80000000000000004277984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ac68e7144af8092022-01-04 14:18:51.960root 11241100x80000000000000004277985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8addc8e3c4a8f3e82022-01-04 14:18:51.960root 11241100x80000000000000004277986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e153df231a38ae2022-01-04 14:18:51.960root 11241100x80000000000000004277987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c26d052a721f3072022-01-04 14:18:51.960root 11241100x80000000000000004277988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6528d8f3d9c8d4f42022-01-04 14:18:51.960root 11241100x80000000000000004277989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a4d6692da4f3d42022-01-04 14:18:51.960root 11241100x80000000000000004277990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3086e6de69cddcd2022-01-04 14:18:51.961root 11241100x80000000000000004277991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80f8776d23318532022-01-04 14:18:51.961root 11241100x80000000000000004277992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2a3e8a8e8c0e172022-01-04 14:18:51.961root 11241100x80000000000000004277993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d0846b1771f4442022-01-04 14:18:51.961root 11241100x80000000000000004277994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658b74501d44d42a2022-01-04 14:18:51.961root 11241100x80000000000000004277995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f756c54920485f2022-01-04 14:18:51.961root 11241100x80000000000000004277996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd09b0a02289e5382022-01-04 14:18:51.961root 11241100x80000000000000004277997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945384613a6cfc6e2022-01-04 14:18:51.961root 11241100x80000000000000004277998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb96ac3d1c4a85c2022-01-04 14:18:51.961root 11241100x80000000000000004277999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c621a28d5c10ef052022-01-04 14:18:51.961root 11241100x80000000000000004278000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90bb3f18824c8982022-01-04 14:18:51.961root 11241100x80000000000000004278001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9bd25c564778c72022-01-04 14:18:51.962root 11241100x80000000000000004278002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e98635e18c240f52022-01-04 14:18:51.962root 11241100x80000000000000004278003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88157e567cb58162022-01-04 14:18:51.962root 11241100x80000000000000004278004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f62be88f554d282022-01-04 14:18:51.962root 11241100x80000000000000004278005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630de95a37bd694d2022-01-04 14:18:51.962root 11241100x80000000000000004278006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6331ec41ad1f95dd2022-01-04 14:18:51.962root 11241100x80000000000000004278007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c013231ab17575d2022-01-04 14:18:51.962root 11241100x80000000000000004278008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d512f85c279309e62022-01-04 14:18:51.962root 11241100x80000000000000004278009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d440770c6776362022-01-04 14:18:51.962root 354300x80000000000000004278010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.136{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41512-false10.0.1.12-8000- 11241100x80000000000000004278011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369622f542b131ac2022-01-04 14:18:52.459root 11241100x80000000000000004278012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43c2665d04935fd2022-01-04 14:18:52.460root 11241100x80000000000000004278013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e1b47d7bfbed792022-01-04 14:18:52.460root 11241100x80000000000000004278014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76661012a556ee4b2022-01-04 14:18:52.460root 11241100x80000000000000004278015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452349110db57ca52022-01-04 14:18:52.460root 11241100x80000000000000004278016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab710ade2eb193692022-01-04 14:18:52.461root 11241100x80000000000000004278017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92638e27adc23c812022-01-04 14:18:52.461root 11241100x80000000000000004278018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889750e2371f03fa2022-01-04 14:18:52.461root 11241100x80000000000000004278019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00dec68e872e4ab2022-01-04 14:18:52.461root 11241100x80000000000000004278020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610f3b3857626d672022-01-04 14:18:52.461root 11241100x80000000000000004278021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd97a66660d7e02022-01-04 14:18:52.461root 11241100x80000000000000004278022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd917fb6a765d2d2022-01-04 14:18:52.462root 11241100x80000000000000004278023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578a3c3a6f7261eb2022-01-04 14:18:52.462root 11241100x80000000000000004278024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bd544b1ee58e722022-01-04 14:18:52.462root 11241100x80000000000000004278025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13812eaa3a4abbdd2022-01-04 14:18:52.462root 11241100x80000000000000004278026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001db6cbebb59d5e2022-01-04 14:18:52.462root 11241100x80000000000000004278027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d239329964ddd32022-01-04 14:18:52.462root 11241100x80000000000000004278028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f968c42792ecb3972022-01-04 14:18:52.462root 11241100x80000000000000004278029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b433d75063bd3f732022-01-04 14:18:52.462root 11241100x80000000000000004278030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21d10195107f91b2022-01-04 14:18:52.462root 11241100x80000000000000004278031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db182d97b8eecdd42022-01-04 14:18:52.462root 11241100x80000000000000004278032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e81d1f1bd817542022-01-04 14:18:52.462root 11241100x80000000000000004278033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175849150c07ed792022-01-04 14:18:52.462root 11241100x80000000000000004278034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49459cd8ec2baee82022-01-04 14:18:52.462root 11241100x80000000000000004278035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c660696a408eb12022-01-04 14:18:52.462root 11241100x80000000000000004278036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b606dbfbd456162022-01-04 14:18:52.462root 11241100x80000000000000004278037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe5e69a4ec767672022-01-04 14:18:52.463root 11241100x80000000000000004278038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7693c504c40b8c3d2022-01-04 14:18:52.463root 11241100x80000000000000004278039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0865e6db2be8098f2022-01-04 14:18:52.463root 11241100x80000000000000004278040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d3cbc1c32249622022-01-04 14:18:52.959root 11241100x80000000000000004278041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8af7e7703655612022-01-04 14:18:52.960root 11241100x80000000000000004278042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ba9f502203fa142022-01-04 14:18:52.960root 11241100x80000000000000004278043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6977d41e3fd562012022-01-04 14:18:52.960root 11241100x80000000000000004278044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae5e54aedd562112022-01-04 14:18:52.960root 11241100x80000000000000004278045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9588b1cd830b44f62022-01-04 14:18:52.960root 11241100x80000000000000004278046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05db43447e41fcd82022-01-04 14:18:52.961root 11241100x80000000000000004278047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db33c5b11636e9692022-01-04 14:18:52.961root 11241100x80000000000000004278048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4818fc4fd9daa4cf2022-01-04 14:18:52.961root 11241100x80000000000000004278049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a272a9460d187c2022-01-04 14:18:52.961root 11241100x80000000000000004278050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8ba84b51191dc32022-01-04 14:18:52.961root 11241100x80000000000000004278051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2d4cc7efd3d6322022-01-04 14:18:52.961root 11241100x80000000000000004278052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b608ed8f9bf73b252022-01-04 14:18:52.962root 11241100x80000000000000004278053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45f2ddc0a0e7f0f2022-01-04 14:18:52.962root 11241100x80000000000000004278054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff0aea233f32ddd2022-01-04 14:18:52.962root 11241100x80000000000000004278055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8b91f478f535912022-01-04 14:18:52.962root 11241100x80000000000000004278056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085dbf04288c83772022-01-04 14:18:52.962root 11241100x80000000000000004278057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ca754bea3b0a912022-01-04 14:18:52.962root 11241100x80000000000000004278058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a89b6e9daac9fad2022-01-04 14:18:52.962root 11241100x80000000000000004278059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c49dc29ac57792022-01-04 14:18:52.962root 11241100x80000000000000004278060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7a237a5d7709632022-01-04 14:18:52.962root 11241100x80000000000000004278061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890af28dca4f55252022-01-04 14:18:52.963root 11241100x80000000000000004278062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2397a285cb0ce6e52022-01-04 14:18:52.963root 11241100x80000000000000004278063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4142dd259e2ebaf72022-01-04 14:18:52.963root 11241100x80000000000000004278064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60761f3963853ffd2022-01-04 14:18:52.963root 11241100x80000000000000004278065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873912e275feb3ba2022-01-04 14:18:52.963root 11241100x80000000000000004278066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a018c770b588f0b22022-01-04 14:18:52.963root 11241100x80000000000000004278067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db4f743d68d370a2022-01-04 14:18:52.963root 11241100x80000000000000004278068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e598552402c3d92022-01-04 14:18:52.963root 11241100x80000000000000004278069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd887b328419d4982022-01-04 14:18:52.963root 11241100x80000000000000004278070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7458fb4cb69c1d6d2022-01-04 14:18:53.459root 11241100x80000000000000004278071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b87401f720160d2022-01-04 14:18:53.459root 11241100x80000000000000004278072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e50a104d832ebf2022-01-04 14:18:53.459root 11241100x80000000000000004278073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a596fae19eda6c2022-01-04 14:18:53.460root 11241100x80000000000000004278074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc59961b2eecbee2022-01-04 14:18:53.460root 11241100x80000000000000004278075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5715dbd5528b0c22022-01-04 14:18:53.460root 11241100x80000000000000004278076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51dd995f00d80792022-01-04 14:18:53.460root 11241100x80000000000000004278077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a958a5dac608c5bd2022-01-04 14:18:53.460root 11241100x80000000000000004278078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a3d20831d306592022-01-04 14:18:53.460root 11241100x80000000000000004278079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d944b14d81b0fa2022-01-04 14:18:53.461root 11241100x80000000000000004278080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c3bceb0b710ca72022-01-04 14:18:53.461root 11241100x80000000000000004278081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980b53c4fb702d9c2022-01-04 14:18:53.461root 11241100x80000000000000004278082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62793f43b67972e2022-01-04 14:18:53.461root 11241100x80000000000000004278083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f34bf5b7495b4a2022-01-04 14:18:53.462root 11241100x80000000000000004278084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef4fc59f9b33a912022-01-04 14:18:53.462root 11241100x80000000000000004278085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2079bf332c419d722022-01-04 14:18:53.462root 11241100x80000000000000004278086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5022f80dd2696fa2022-01-04 14:18:53.462root 11241100x80000000000000004278087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64d9b1bc3a466192022-01-04 14:18:53.462root 11241100x80000000000000004278088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b15aaca0581d97b2022-01-04 14:18:53.462root 11241100x80000000000000004278089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53f6c55ca3826232022-01-04 14:18:53.462root 11241100x80000000000000004278090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6ffab23ade62022022-01-04 14:18:53.462root 11241100x80000000000000004278091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eb5b82f49c38512022-01-04 14:18:53.462root 11241100x80000000000000004278092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4deada8455c339e12022-01-04 14:18:53.462root 11241100x80000000000000004278093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6e788bfd4840bd2022-01-04 14:18:53.462root 11241100x80000000000000004278094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f120e6cf78dddff02022-01-04 14:18:53.462root 11241100x80000000000000004278095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f52569c6182a6472022-01-04 14:18:53.463root 11241100x80000000000000004278096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa86a46b17afb6562022-01-04 14:18:53.463root 11241100x80000000000000004278097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152a0e5438b9bec82022-01-04 14:18:53.463root 11241100x80000000000000004278098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b135d6796dcd7282022-01-04 14:18:53.463root 11241100x80000000000000004278099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8998ca076b40302b2022-01-04 14:18:53.463root 11241100x80000000000000004278100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e147f9f62aa592d2022-01-04 14:18:53.463root 11241100x80000000000000004278101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3a07e52c48454e2022-01-04 14:18:53.463root 11241100x80000000000000004278102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf1665b82ef8412022-01-04 14:18:53.463root 11241100x80000000000000004278103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfac9c4b6c3cf1172022-01-04 14:18:53.463root 11241100x80000000000000004278104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e9e6678c99cb032022-01-04 14:18:53.959root 11241100x80000000000000004278105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9bbd4d6a50aeec2022-01-04 14:18:53.959root 11241100x80000000000000004278106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c522729d7aa0e52022-01-04 14:18:53.959root 11241100x80000000000000004278107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35324ae64bd8e9232022-01-04 14:18:53.959root 11241100x80000000000000004278108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd66887ab1ca0432022-01-04 14:18:53.959root 11241100x80000000000000004278109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26730bb04788da62022-01-04 14:18:53.959root 11241100x80000000000000004278110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6281f968f0adb6972022-01-04 14:18:53.959root 11241100x80000000000000004278111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fff3c2a729b4132022-01-04 14:18:53.960root 11241100x80000000000000004278112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe3808d922ba3ff2022-01-04 14:18:53.960root 11241100x80000000000000004278113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30ed1e09229d0be2022-01-04 14:18:53.960root 11241100x80000000000000004278114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac63d7acf2e100492022-01-04 14:18:53.960root 11241100x80000000000000004278115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7753543f1021bb92022-01-04 14:18:53.960root 11241100x80000000000000004278116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27158d1aec3b0dc52022-01-04 14:18:53.960root 11241100x80000000000000004278117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2e81ead893f0e82022-01-04 14:18:53.960root 11241100x80000000000000004278118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0450bf617354db1f2022-01-04 14:18:53.960root 11241100x80000000000000004278119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cac2928b57ed292022-01-04 14:18:53.960root 11241100x80000000000000004278120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7576493457c8892022-01-04 14:18:53.960root 11241100x80000000000000004278121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccee1cc5e19f5f8d2022-01-04 14:18:53.961root 11241100x80000000000000004278122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03cd64d15633b0a2022-01-04 14:18:53.961root 11241100x80000000000000004278123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5214b1402806742022-01-04 14:18:53.961root 11241100x80000000000000004278124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f794c271baf212022-01-04 14:18:53.961root 11241100x80000000000000004278125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a497a125c7f3b44f2022-01-04 14:18:53.961root 11241100x80000000000000004278126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92700d564b1730b2022-01-04 14:18:53.961root 11241100x80000000000000004278127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7d9ec149658b462022-01-04 14:18:53.961root 11241100x80000000000000004278128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86923b40a2976d272022-01-04 14:18:53.961root 11241100x80000000000000004278129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902757ff261463882022-01-04 14:18:53.961root 11241100x80000000000000004278130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1cc57afddf1d5b2022-01-04 14:18:53.961root 11241100x80000000000000004278131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8125654ae6d27c62022-01-04 14:18:53.961root 11241100x80000000000000004278132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923e9673fcfafd5b2022-01-04 14:18:53.962root 11241100x80000000000000004278133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfc6c09233dcdc62022-01-04 14:18:53.962root 11241100x80000000000000004278134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165a2986984a22f12022-01-04 14:18:53.962root 11241100x80000000000000004278135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f73afa11485d3b32022-01-04 14:18:53.962root 11241100x80000000000000004278136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ca31df604afab92022-01-04 14:18:53.962root 11241100x80000000000000004278137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee6c116c47766d72022-01-04 14:18:53.962root 11241100x80000000000000004278138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8130f8126dfa1a2022-01-04 14:18:54.459root 11241100x80000000000000004278139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a24d3f89cbeb772022-01-04 14:18:54.459root 11241100x80000000000000004278140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f607a4d3feec9efe2022-01-04 14:18:54.460root 11241100x80000000000000004278141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4a347a5e75f5592022-01-04 14:18:54.460root 11241100x80000000000000004278142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b87e09cbace0c32022-01-04 14:18:54.460root 11241100x80000000000000004278143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9276d78df4d5da2022-01-04 14:18:54.460root 11241100x80000000000000004278144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a21675d16878db92022-01-04 14:18:54.460root 11241100x80000000000000004278145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ee53ce34602d282022-01-04 14:18:54.460root 11241100x80000000000000004278146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd64f6855e528552022-01-04 14:18:54.460root 11241100x80000000000000004278147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2e42317fa7e7902022-01-04 14:18:54.460root 11241100x80000000000000004278148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbadd92e3beb16b02022-01-04 14:18:54.460root 11241100x80000000000000004278149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949e8d4eb50287382022-01-04 14:18:54.460root 11241100x80000000000000004278150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc829e11a56248802022-01-04 14:18:54.460root 11241100x80000000000000004278151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffddc2b45f4ad8872022-01-04 14:18:54.460root 11241100x80000000000000004278152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb2b7e633be7d8f2022-01-04 14:18:54.460root 11241100x80000000000000004278153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5546cacaf72e67032022-01-04 14:18:54.460root 11241100x80000000000000004278154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbaec89d15bba3a2022-01-04 14:18:54.461root 11241100x80000000000000004278155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2471531f2222fd2022-01-04 14:18:54.461root 11241100x80000000000000004278156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a1fb1dcf96b6052022-01-04 14:18:54.461root 11241100x80000000000000004278157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8486e4f88cf14aa2022-01-04 14:18:54.461root 11241100x80000000000000004278158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b096e8a8961b04722022-01-04 14:18:54.461root 11241100x80000000000000004278159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1feba0c3d9139cf2022-01-04 14:18:54.461root 11241100x80000000000000004278160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f031bf594141e92022-01-04 14:18:54.462root 11241100x80000000000000004278161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644470f59d6ade32022-01-04 14:18:54.462root 11241100x80000000000000004278162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8ae033ab129a7d2022-01-04 14:18:54.462root 11241100x80000000000000004278163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dcc34171acf2562022-01-04 14:18:54.462root 11241100x80000000000000004278164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f363af79eb678522022-01-04 14:18:54.462root 11241100x80000000000000004278165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470e23cb01161b1f2022-01-04 14:18:54.462root 11241100x80000000000000004278166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f1629160f5169a2022-01-04 14:18:54.462root 11241100x80000000000000004278167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f95a54ee0e7ab722022-01-04 14:18:54.462root 11241100x80000000000000004278168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2430517911602da2022-01-04 14:18:54.959root 11241100x80000000000000004278169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ac28a251aac0412022-01-04 14:18:54.959root 11241100x80000000000000004278170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a754648fe3a269f62022-01-04 14:18:54.959root 11241100x80000000000000004278171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c596fdff602b72022-01-04 14:18:54.960root 11241100x80000000000000004278172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2949cc8d0f2fc2692022-01-04 14:18:54.960root 11241100x80000000000000004278173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1383420b23fb662022-01-04 14:18:54.960root 11241100x80000000000000004278174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de32a55f36d338b02022-01-04 14:18:54.960root 11241100x80000000000000004278175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e679732932f169f52022-01-04 14:18:54.960root 11241100x80000000000000004278176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f20f6cb32f3d6792022-01-04 14:18:54.960root 11241100x80000000000000004278177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12e83f89c603bc72022-01-04 14:18:54.960root 11241100x80000000000000004278178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891ad7912b46cf0e2022-01-04 14:18:54.960root 11241100x80000000000000004278179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f1b2f19a8bfbae2022-01-04 14:18:54.960root 11241100x80000000000000004278180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38a6ab5c315cba52022-01-04 14:18:54.960root 11241100x80000000000000004278181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17627fc3672af8d12022-01-04 14:18:54.960root 11241100x80000000000000004278182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419d187b8921ef5f2022-01-04 14:18:54.961root 11241100x80000000000000004278183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993e982500062e782022-01-04 14:18:54.961root 11241100x80000000000000004278184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60f63feb944a56d2022-01-04 14:18:54.961root 11241100x80000000000000004278185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d02272e1155f1a2022-01-04 14:18:54.961root 11241100x80000000000000004278186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b1aff1792c0a212022-01-04 14:18:54.961root 11241100x80000000000000004278187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17873e21e60345512022-01-04 14:18:54.961root 11241100x80000000000000004278188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a32f3ebf0854042022-01-04 14:18:54.961root 11241100x80000000000000004278189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d61abf2d6f9fef2022-01-04 14:18:54.961root 11241100x80000000000000004278190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07cee3989ee15b82022-01-04 14:18:54.961root 11241100x80000000000000004278191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d466902c804e46c12022-01-04 14:18:54.961root 11241100x80000000000000004278192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6903f39c87159a2022-01-04 14:18:54.961root 11241100x80000000000000004278193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccffe626ca004382022-01-04 14:18:54.961root 11241100x80000000000000004278194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daf1ba08ccc93262022-01-04 14:18:54.962root 11241100x80000000000000004278195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aebf727cd4c19c2022-01-04 14:18:54.962root 11241100x80000000000000004278196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047dce3888cf22ea2022-01-04 14:18:54.962root 11241100x80000000000000004278197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328d45ce0d3f6b6b2022-01-04 14:18:54.962root 11241100x80000000000000004278198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7698d0ce68a526202022-01-04 14:18:55.459root 11241100x80000000000000004278199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5772b3c4d9fef2a2022-01-04 14:18:55.459root 11241100x80000000000000004278200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595cde793cb672772022-01-04 14:18:55.459root 11241100x80000000000000004278201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abbc7ecc78a2d652022-01-04 14:18:55.459root 11241100x80000000000000004278202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bd4c94a568318f2022-01-04 14:18:55.460root 11241100x80000000000000004278203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cc62327e0c6cda2022-01-04 14:18:55.460root 11241100x80000000000000004278204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79a8ef293890a5c2022-01-04 14:18:55.460root 11241100x80000000000000004278205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95eb2d5c951a408b2022-01-04 14:18:55.460root 11241100x80000000000000004278206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6027686d0d76652f2022-01-04 14:18:55.460root 11241100x80000000000000004278207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978c8090c7e0d5102022-01-04 14:18:55.460root 11241100x80000000000000004278208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a017d9f201e3baf2022-01-04 14:18:55.461root 11241100x80000000000000004278209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f45647c29072e02022-01-04 14:18:55.461root 11241100x80000000000000004278210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e540404095e1eefc2022-01-04 14:18:55.461root 11241100x80000000000000004278211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a99801f6f7b9b02022-01-04 14:18:55.461root 11241100x80000000000000004278212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be0388186f185b32022-01-04 14:18:55.461root 11241100x80000000000000004278213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da623a9480f4850f2022-01-04 14:18:55.461root 11241100x80000000000000004278214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffdda137b988bcd2022-01-04 14:18:55.461root 11241100x80000000000000004278215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac44464a56c0449d2022-01-04 14:18:55.461root 11241100x80000000000000004278216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf48edf73f1e5b3c2022-01-04 14:18:55.462root 11241100x80000000000000004278217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9637ac8d29e6ca432022-01-04 14:18:55.462root 11241100x80000000000000004278218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079e4ad091fd043b2022-01-04 14:18:55.462root 11241100x80000000000000004278219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d8f9ae576a235d2022-01-04 14:18:55.462root 11241100x80000000000000004278220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bc54efa049c0a92022-01-04 14:18:55.462root 11241100x80000000000000004278221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b95c867cb398ab12022-01-04 14:18:55.462root 11241100x80000000000000004278222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7c25f6df0e81d02022-01-04 14:18:55.463root 11241100x80000000000000004278223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda1ae20d385702f2022-01-04 14:18:55.463root 11241100x80000000000000004278224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d063f41a5d12ef2022-01-04 14:18:55.463root 11241100x80000000000000004278225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdacbe75c4477732022-01-04 14:18:55.463root 11241100x80000000000000004278226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525878bfca6e65f72022-01-04 14:18:55.463root 11241100x80000000000000004278227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506b28b8182b01e92022-01-04 14:18:55.463root 11241100x80000000000000004278228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0472572307ed772022-01-04 14:18:55.463root 11241100x80000000000000004278229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23090c7f2cfd9bba2022-01-04 14:18:55.464root 11241100x80000000000000004278230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88ad509a4852d662022-01-04 14:18:55.464root 11241100x80000000000000004278231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3041f8d1468b1bf12022-01-04 14:18:55.464root 11241100x80000000000000004278232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc8b242ed046bae2022-01-04 14:18:55.464root 11241100x80000000000000004278233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0e82b7959e57b62022-01-04 14:18:55.960root 11241100x80000000000000004278234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46277271891c7b22022-01-04 14:18:55.960root 11241100x80000000000000004278235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399c78e8cc7b91f42022-01-04 14:18:55.960root 11241100x80000000000000004278236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbe4b8117d0147a2022-01-04 14:18:55.960root 11241100x80000000000000004278237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec5cdbfa036bafa2022-01-04 14:18:55.960root 11241100x80000000000000004278238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30e2b4e2770bc662022-01-04 14:18:55.960root 11241100x80000000000000004278239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf67ce8b7a5375d2022-01-04 14:18:55.960root 11241100x80000000000000004278240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646b8397c59f55992022-01-04 14:18:55.961root 11241100x80000000000000004278241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec32e85737ba1612022-01-04 14:18:55.961root 11241100x80000000000000004278242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2973d2a14157792022-01-04 14:18:55.961root 11241100x80000000000000004278243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5e3888942ea8332022-01-04 14:18:55.961root 11241100x80000000000000004278244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79a31e1b7eebfb02022-01-04 14:18:55.961root 11241100x80000000000000004278245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565e81af78f3b5ad2022-01-04 14:18:55.961root 11241100x80000000000000004278246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79092ade3fafe0d32022-01-04 14:18:55.961root 11241100x80000000000000004278247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd7c83e467581c82022-01-04 14:18:55.961root 11241100x80000000000000004278248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236ae405d349a76f2022-01-04 14:18:55.961root 11241100x80000000000000004278249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77032f298e54393b2022-01-04 14:18:55.962root 11241100x80000000000000004278250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf326fe7d7a2c9202022-01-04 14:18:55.962root 11241100x80000000000000004278251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c54b63221a95f32022-01-04 14:18:55.962root 11241100x80000000000000004278252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df3326b4bc098e92022-01-04 14:18:55.962root 11241100x80000000000000004278253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a61aa83d6175012022-01-04 14:18:55.962root 11241100x80000000000000004278254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e2116b3416299b2022-01-04 14:18:55.962root 11241100x80000000000000004278255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76c467ee80b6e962022-01-04 14:18:55.962root 11241100x80000000000000004278256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c403f98e6671d6d62022-01-04 14:18:55.962root 11241100x80000000000000004278257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4980370a49b90b832022-01-04 14:18:55.962root 11241100x80000000000000004278258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4f62f92aa2c2562022-01-04 14:18:55.962root 11241100x80000000000000004278259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4d7f7d340960a32022-01-04 14:18:55.963root 11241100x80000000000000004278260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650483702afd839b2022-01-04 14:18:55.963root 11241100x80000000000000004278261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e4ff12be52c6462022-01-04 14:18:55.963root 11241100x80000000000000004278262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c813d99ea1991d2022-01-04 14:18:56.459root 11241100x80000000000000004278263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54feb13e65107ce2022-01-04 14:18:56.459root 11241100x80000000000000004278264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b3447c2844f9a42022-01-04 14:18:56.459root 11241100x80000000000000004278265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc55f24bd95ee3a02022-01-04 14:18:56.459root 11241100x80000000000000004278266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fffb1f330e585212022-01-04 14:18:56.459root 11241100x80000000000000004278267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97af0e6f652b0b22022-01-04 14:18:56.460root 11241100x80000000000000004278268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4e01f64c80eed32022-01-04 14:18:56.460root 11241100x80000000000000004278269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b304ed25185b2e22022-01-04 14:18:56.460root 11241100x80000000000000004278270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14b6b0e40b670012022-01-04 14:18:56.460root 11241100x80000000000000004278271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e10ad8259c5ff882022-01-04 14:18:56.460root 11241100x80000000000000004278272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6e70db983830ac2022-01-04 14:18:56.460root 11241100x80000000000000004278273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c50c68d53f74122022-01-04 14:18:56.461root 11241100x80000000000000004278274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7c3607737b15f32022-01-04 14:18:56.461root 11241100x80000000000000004278275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df18c15b3c128642022-01-04 14:18:56.461root 11241100x80000000000000004278276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0122f2ef66280e2022-01-04 14:18:56.461root 11241100x80000000000000004278277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afda0b6e6c8f2a22022-01-04 14:18:56.461root 11241100x80000000000000004278278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de7fe0ccddc99882022-01-04 14:18:56.461root 11241100x80000000000000004278279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c717af69918ee77c2022-01-04 14:18:56.462root 11241100x80000000000000004278280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df19b2dd42fd68082022-01-04 14:18:56.462root 11241100x80000000000000004278281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da671728650802742022-01-04 14:18:56.462root 11241100x80000000000000004278282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee1bbe5e22f9382022-01-04 14:18:56.462root 11241100x80000000000000004278283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fafc3744bef5dbd2022-01-04 14:18:56.462root 11241100x80000000000000004278284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8106f1eea4183d2022-01-04 14:18:56.463root 11241100x80000000000000004278285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ad321c7c1389842022-01-04 14:18:56.463root 11241100x80000000000000004278286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0361a28be1f67e462022-01-04 14:18:56.463root 11241100x80000000000000004278287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb889a1581e4b372022-01-04 14:18:56.463root 11241100x80000000000000004278288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05f2a9e0283d8682022-01-04 14:18:56.463root 11241100x80000000000000004278289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9af4ebc4d08dc22022-01-04 14:18:56.464root 11241100x80000000000000004278290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d7b9ecf4b046c2022-01-04 14:18:56.464root 11241100x80000000000000004278291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cd7b26e9b56a012022-01-04 14:18:56.464root 11241100x80000000000000004278292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eef0705290dc10d2022-01-04 14:18:56.464root 11241100x80000000000000004278293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565257530dfcef282022-01-04 14:18:56.464root 11241100x80000000000000004278294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03d9ec59c5071bf2022-01-04 14:18:56.465root 11241100x80000000000000004278295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85957bfe1db76e82022-01-04 14:18:56.465root 11241100x80000000000000004278296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108238c408454deb2022-01-04 14:18:56.465root 11241100x80000000000000004278297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d693d5e7e9a298812022-01-04 14:18:56.960root 11241100x80000000000000004278298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aa94b47feb96ed2022-01-04 14:18:56.960root 11241100x80000000000000004278299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e519382b71a16762022-01-04 14:18:56.960root 11241100x80000000000000004278300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4437a7772738a7d22022-01-04 14:18:56.960root 11241100x80000000000000004278301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517d41d00aa7d24b2022-01-04 14:18:56.961root 11241100x80000000000000004278302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25c0257a4711cd42022-01-04 14:18:56.961root 11241100x80000000000000004278303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3822662bf957892022-01-04 14:18:56.961root 11241100x80000000000000004278304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb092cf3ba6305e2022-01-04 14:18:56.961root 11241100x80000000000000004278305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3273e15ca06ce3c52022-01-04 14:18:56.961root 11241100x80000000000000004278306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdf99d81c498c412022-01-04 14:18:56.961root 11241100x80000000000000004278307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fcfe6c9e4113992022-01-04 14:18:56.962root 11241100x80000000000000004278308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e726735f823fc8612022-01-04 14:18:56.962root 11241100x80000000000000004278309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea4cad5422adbe42022-01-04 14:18:56.962root 11241100x80000000000000004278310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22819d642159e3612022-01-04 14:18:56.962root 11241100x80000000000000004278311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9594bb46ac00f272022-01-04 14:18:56.963root 11241100x80000000000000004278312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4b43f476a664382022-01-04 14:18:56.963root 11241100x80000000000000004278313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3a459df7e1529e2022-01-04 14:18:56.963root 11241100x80000000000000004278314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3f186221831b4f2022-01-04 14:18:56.963root 11241100x80000000000000004278315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07922698d3cd7ede2022-01-04 14:18:56.963root 11241100x80000000000000004278316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78fbac6cc3573ba2022-01-04 14:18:56.963root 11241100x80000000000000004278317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed53f2eb9b5572c2022-01-04 14:18:56.964root 11241100x80000000000000004278318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce0222137371d0c2022-01-04 14:18:56.964root 11241100x80000000000000004278319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58abdd24535797992022-01-04 14:18:56.964root 11241100x80000000000000004278320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea9da19f15a71732022-01-04 14:18:56.965root 11241100x80000000000000004278321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07c89a98c0d3dd02022-01-04 14:18:56.965root 11241100x80000000000000004278322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5fc20778ae23262022-01-04 14:18:56.965root 11241100x80000000000000004278323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7dac58aa36fb852022-01-04 14:18:56.965root 11241100x80000000000000004278324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cb404744cc02b82022-01-04 14:18:56.965root 11241100x80000000000000004278325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9876add72bfb9b2022-01-04 14:18:56.966root 11241100x80000000000000004278326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a52b9e2defc9f92022-01-04 14:18:57.459root 11241100x80000000000000004278327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6de2569b82fe6a42022-01-04 14:18:57.460root 11241100x80000000000000004278328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f0aef2fe7073b62022-01-04 14:18:57.460root 11241100x80000000000000004278329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535aa739878df0b32022-01-04 14:18:57.460root 11241100x80000000000000004278330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a094aa80de6f532022-01-04 14:18:57.460root 11241100x80000000000000004278331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1a1e564d2a4e8e2022-01-04 14:18:57.461root 11241100x80000000000000004278332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edad6cdc85354fa2022-01-04 14:18:57.461root 11241100x80000000000000004278333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57c8044b02df5052022-01-04 14:18:57.461root 11241100x80000000000000004278334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0f1b50627a31472022-01-04 14:18:57.461root 11241100x80000000000000004278335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbca39d5822a31a2022-01-04 14:18:57.461root 11241100x80000000000000004278336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f76a49431d3a0c2022-01-04 14:18:57.461root 11241100x80000000000000004278337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f3c9414f8423412022-01-04 14:18:57.462root 11241100x80000000000000004278338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d68512deaf49fcb2022-01-04 14:18:57.462root 11241100x80000000000000004278339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19d2e6ee9f08d3a2022-01-04 14:18:57.462root 11241100x80000000000000004278340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911dea49bb24549d2022-01-04 14:18:57.462root 11241100x80000000000000004278341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ab7bb426f315902022-01-04 14:18:57.462root 11241100x80000000000000004278342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feff2ab58fc7cf752022-01-04 14:18:57.462root 11241100x80000000000000004278343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b276577ea20538a22022-01-04 14:18:57.463root 11241100x80000000000000004278344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890868c25a5da9562022-01-04 14:18:57.463root 11241100x80000000000000004278345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e72cb337005e7c32022-01-04 14:18:57.463root 11241100x80000000000000004278346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea23507d6406f1d2022-01-04 14:18:57.463root 11241100x80000000000000004278347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df52b5da4efed0f52022-01-04 14:18:57.463root 11241100x80000000000000004278348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafb746ab83b29ef2022-01-04 14:18:57.464root 11241100x80000000000000004278349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dd23716fe7683d2022-01-04 14:18:57.464root 11241100x80000000000000004278350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0729b7116c9ae1a12022-01-04 14:18:57.464root 11241100x80000000000000004278351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1e772d2c77db452022-01-04 14:18:57.464root 11241100x80000000000000004278352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5fffc687f4254f2022-01-04 14:18:57.464root 11241100x80000000000000004278353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ed25ea23f33e7d2022-01-04 14:18:57.464root 11241100x80000000000000004278354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581b7089b6d28e102022-01-04 14:18:57.464root 11241100x80000000000000004278355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940ce3236dcbbb592022-01-04 14:18:57.464root 11241100x80000000000000004278356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c833a7652c1c06c2022-01-04 14:18:57.959root 11241100x80000000000000004278357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea96239f6831a052022-01-04 14:18:57.959root 11241100x80000000000000004278358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120435daa1d6993d2022-01-04 14:18:57.959root 11241100x80000000000000004278359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d235fd3c7887c9c2022-01-04 14:18:57.960root 11241100x80000000000000004278360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc959c679b67d5f12022-01-04 14:18:57.960root 11241100x80000000000000004278361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1f67e9900195162022-01-04 14:18:57.960root 11241100x80000000000000004278362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6f666b1c8279bd2022-01-04 14:18:57.960root 11241100x80000000000000004278363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e066b5078c1fa2072022-01-04 14:18:57.960root 11241100x80000000000000004278364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1842db2c6dc1872022-01-04 14:18:57.960root 11241100x80000000000000004278365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec38e2b6d5abc212022-01-04 14:18:57.961root 11241100x80000000000000004278366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e2496b2dc884bc2022-01-04 14:18:57.961root 11241100x80000000000000004278367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0206c6321b5e38382022-01-04 14:18:57.961root 11241100x80000000000000004278368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10633087379e90ae2022-01-04 14:18:57.961root 11241100x80000000000000004278369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0204ecbad2c320022022-01-04 14:18:57.961root 11241100x80000000000000004278370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec037d163e0529212022-01-04 14:18:57.961root 11241100x80000000000000004278371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac79c46ba261cae02022-01-04 14:18:57.961root 11241100x80000000000000004278372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbd90c6f77617982022-01-04 14:18:57.962root 11241100x80000000000000004278373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86650885363d2aa42022-01-04 14:18:57.962root 11241100x80000000000000004278374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f66f1b65b2be8f42022-01-04 14:18:57.962root 11241100x80000000000000004278375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6275500dd8348a2022-01-04 14:18:57.962root 11241100x80000000000000004278376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a2ccfff4db0ffc2022-01-04 14:18:57.962root 11241100x80000000000000004278377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5ee1ca5d471eab2022-01-04 14:18:57.962root 11241100x80000000000000004278378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8173ed48e3d97e312022-01-04 14:18:57.962root 11241100x80000000000000004278379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e03ba5336350e82022-01-04 14:18:57.963root 11241100x80000000000000004278380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6729ec5a170a65c2022-01-04 14:18:57.963root 11241100x80000000000000004278381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5473b93a0b3023672022-01-04 14:18:57.963root 11241100x80000000000000004278382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3072c5d29bfb772022-01-04 14:18:57.963root 11241100x80000000000000004278383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab96ac89d59a23d2022-01-04 14:18:57.963root 11241100x80000000000000004278384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faacb4f96a3557f72022-01-04 14:18:57.963root 11241100x80000000000000004278385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87638ac7438a3992022-01-04 14:18:57.963root 11241100x80000000000000004278386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e158219589327432022-01-04 14:18:57.963root 11241100x80000000000000004278387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602d5b7818215a2c2022-01-04 14:18:57.964root 11241100x80000000000000004278388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f525dcb10e885352022-01-04 14:18:57.964root 11241100x80000000000000004278389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395f8a73efbf97cd2022-01-04 14:18:57.964root 354300x80000000000000004278390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.034{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41514-false10.0.1.12-8000- 11241100x80000000000000004278391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4465380ea720c082022-01-04 14:18:58.459root 11241100x80000000000000004278392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f62ba839d394b82022-01-04 14:18:58.460root 11241100x80000000000000004278393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae313b4e9523e72022-01-04 14:18:58.460root 11241100x80000000000000004278394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f84f9c21b2fd4a2022-01-04 14:18:58.460root 11241100x80000000000000004278395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81252d39f0a6d8f92022-01-04 14:18:58.460root 11241100x80000000000000004278396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0640c8c561fdce22022-01-04 14:18:58.460root 11241100x80000000000000004278397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3056a35a667fd2412022-01-04 14:18:58.461root 11241100x80000000000000004278398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b106f7bb48501342022-01-04 14:18:58.461root 11241100x80000000000000004278399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1ce61963360e062022-01-04 14:18:58.461root 11241100x80000000000000004278400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc3b63754358b092022-01-04 14:18:58.461root 11241100x80000000000000004278401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2a32c81972698a2022-01-04 14:18:58.461root 11241100x80000000000000004278402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ff7308a961f3cb2022-01-04 14:18:58.461root 11241100x80000000000000004278403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00c188601ad18dd2022-01-04 14:18:58.461root 11241100x80000000000000004278404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab2368d20155fc42022-01-04 14:18:58.461root 11241100x80000000000000004278405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8579549be942563c2022-01-04 14:18:58.461root 11241100x80000000000000004278406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b3766c6ec889952022-01-04 14:18:58.461root 11241100x80000000000000004278407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deefa9d356aa006c2022-01-04 14:18:58.462root 11241100x80000000000000004278408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba13cfba50c6553d2022-01-04 14:18:58.462root 11241100x80000000000000004278409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f567790aa127fa2022-01-04 14:18:58.462root 11241100x80000000000000004278410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c744eca504076432022-01-04 14:18:58.462root 11241100x80000000000000004278411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e996f241269c6b2022-01-04 14:18:58.462root 11241100x80000000000000004278412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f5031a0e310612022-01-04 14:18:58.462root 11241100x80000000000000004278413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ecfe88ed2b94d82022-01-04 14:18:58.462root 11241100x80000000000000004278414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94c379b0d8559cc2022-01-04 14:18:58.463root 11241100x80000000000000004278415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9a7df82de8fa082022-01-04 14:18:58.463root 11241100x80000000000000004278416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de04fa5632085d062022-01-04 14:18:58.464root 11241100x80000000000000004278417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162cbf7ea1fb15aa2022-01-04 14:18:58.464root 11241100x80000000000000004278418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988d2653e147eedf2022-01-04 14:18:58.465root 11241100x80000000000000004278419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018a8609772615542022-01-04 14:18:58.466root 11241100x80000000000000004278420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7115cad3b8c92012022-01-04 14:18:58.466root 11241100x80000000000000004278421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82e2d46f7e268f02022-01-04 14:18:58.466root 11241100x80000000000000004278422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d87f12ec06439092022-01-04 14:18:58.466root 11241100x80000000000000004278423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaebbefb33145792022-01-04 14:18:58.959root 11241100x80000000000000004278424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8649822768ac26c02022-01-04 14:18:58.959root 11241100x80000000000000004278425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cb72f9aec4518b2022-01-04 14:18:58.959root 11241100x80000000000000004278426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8742cb7e192ecd2022-01-04 14:18:58.959root 11241100x80000000000000004278427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6949a121c8326f872022-01-04 14:18:58.960root 11241100x80000000000000004278428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51958811f5edc22a2022-01-04 14:18:58.960root 11241100x80000000000000004278429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84614ca9426716952022-01-04 14:18:58.960root 11241100x80000000000000004278430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5bf93998450442022-01-04 14:18:58.960root 11241100x80000000000000004278431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8095e311be10febd2022-01-04 14:18:58.960root 11241100x80000000000000004278432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c69931954f09452022-01-04 14:18:58.960root 11241100x80000000000000004278433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a383518e26a05422022-01-04 14:18:58.960root 11241100x80000000000000004278434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff881ddd35c2d272022-01-04 14:18:58.961root 11241100x80000000000000004278435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b737487b8a381522022-01-04 14:18:58.961root 11241100x80000000000000004278436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46f61b1a1906a6b2022-01-04 14:18:58.961root 11241100x80000000000000004278437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f6674cd2b3b88a2022-01-04 14:18:58.961root 11241100x80000000000000004278438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880fd073d9af5ee22022-01-04 14:18:58.961root 11241100x80000000000000004278439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb173cda81ad7fe2022-01-04 14:18:58.961root 11241100x80000000000000004278440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8908aea0ffacd1172022-01-04 14:18:58.961root 11241100x80000000000000004278441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d756dc645c1368b52022-01-04 14:18:58.961root 11241100x80000000000000004278442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0853f7871ed8824b2022-01-04 14:18:58.961root 11241100x80000000000000004278443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8703b85eaf52f52022-01-04 14:18:58.961root 11241100x80000000000000004278444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d7ccc0588db3e52022-01-04 14:18:58.961root 11241100x80000000000000004278445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18fc7c9dd2999862022-01-04 14:18:58.961root 11241100x80000000000000004278446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f10f1bfdc6721432022-01-04 14:18:58.962root 11241100x80000000000000004278447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea3003b248b26372022-01-04 14:18:58.962root 11241100x80000000000000004278448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a963d579c1d8765b2022-01-04 14:18:58.962root 11241100x80000000000000004278449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c581ed1fcf3fd612022-01-04 14:18:58.962root 11241100x80000000000000004278450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f83169f994a2282022-01-04 14:18:58.962root 11241100x80000000000000004278451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36893cfcb9beda562022-01-04 14:18:58.962root 11241100x80000000000000004278452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0946663cd246ffbb2022-01-04 14:18:58.962root 11241100x80000000000000004278453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3890ba2c6c75e22022-01-04 14:18:58.962root 11241100x80000000000000004278454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96929a0bea3e2892022-01-04 14:18:58.962root 11241100x80000000000000004278455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e909d1dbf2b0dd22022-01-04 14:18:58.962root 11241100x80000000000000004278456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d675b413aa7a218e2022-01-04 14:18:59.460root 11241100x80000000000000004278457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710443279927e2bb2022-01-04 14:18:59.460root 11241100x80000000000000004278458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9e7df987e32d52022-01-04 14:18:59.460root 11241100x80000000000000004278459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeb256c38b179562022-01-04 14:18:59.460root 11241100x80000000000000004278460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd5242c740074c82022-01-04 14:18:59.460root 11241100x80000000000000004278461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c176204cb094be42022-01-04 14:18:59.460root 11241100x80000000000000004278462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafb139403889682022-01-04 14:18:59.460root 11241100x80000000000000004278463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6de24454a422612022-01-04 14:18:59.461root 11241100x80000000000000004278464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ac08418938fc4b2022-01-04 14:18:59.461root 11241100x80000000000000004278465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea003fc07d82f5812022-01-04 14:18:59.461root 11241100x80000000000000004278466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a208207096b25d952022-01-04 14:18:59.461root 11241100x80000000000000004278467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369e20aa22148b892022-01-04 14:18:59.461root 11241100x80000000000000004278468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bae6e1799cd70062022-01-04 14:18:59.461root 11241100x80000000000000004278469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e599d40ee3148e2022-01-04 14:18:59.461root 11241100x80000000000000004278470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db9df21db6cfb932022-01-04 14:18:59.461root 11241100x80000000000000004278471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c1eaf9766989622022-01-04 14:18:59.461root 11241100x80000000000000004278472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd210adf97977e52022-01-04 14:18:59.461root 11241100x80000000000000004278473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de19f09d5afd9b802022-01-04 14:18:59.461root 11241100x80000000000000004278474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4967112a94e236652022-01-04 14:18:59.461root 11241100x80000000000000004278475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de27aebbac7f009f2022-01-04 14:18:59.462root 11241100x80000000000000004278476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1772c549ea8ae5fa2022-01-04 14:18:59.462root 11241100x80000000000000004278477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cdeb4f881bf2e82022-01-04 14:18:59.462root 11241100x80000000000000004278478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf166ba8e66384fc2022-01-04 14:18:59.462root 11241100x80000000000000004278479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9304eee5dee9b0e12022-01-04 14:18:59.462root 11241100x80000000000000004278480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d3bfa246f3e31c2022-01-04 14:18:59.462root 11241100x80000000000000004278481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0922fe10cc23952022-01-04 14:18:59.462root 11241100x80000000000000004278482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe769cbf715d3552022-01-04 14:18:59.462root 11241100x80000000000000004278483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d928d045fb340272022-01-04 14:18:59.462root 11241100x80000000000000004278484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc2f85b7bcc7402022-01-04 14:18:59.462root 11241100x80000000000000004278485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2871cbb546d262592022-01-04 14:18:59.462root 11241100x80000000000000004278486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117afc1df12442542022-01-04 14:18:59.959root 11241100x80000000000000004278487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989440e83df9c7bb2022-01-04 14:18:59.959root 11241100x80000000000000004278488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da770cddb79c55862022-01-04 14:18:59.959root 11241100x80000000000000004278489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aea316328fe66042022-01-04 14:18:59.959root 11241100x80000000000000004278490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c714527c1de5f8732022-01-04 14:18:59.959root 11241100x80000000000000004278491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c94b6732fc9ca42022-01-04 14:18:59.960root 11241100x80000000000000004278492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6414a641d4fd59cd2022-01-04 14:18:59.960root 11241100x80000000000000004278493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1754c0c39ca94fa12022-01-04 14:18:59.960root 11241100x80000000000000004278494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8507ef7292624592022-01-04 14:18:59.960root 11241100x80000000000000004278495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c206bff19d57581b2022-01-04 14:18:59.960root 11241100x80000000000000004278496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a0622f102aa0072022-01-04 14:18:59.960root 11241100x80000000000000004278497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d691b05d58602c2022-01-04 14:18:59.960root 11241100x80000000000000004278498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bf1cd715d93c9a2022-01-04 14:18:59.960root 11241100x80000000000000004278499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cb8fdee5202d512022-01-04 14:18:59.960root 11241100x80000000000000004278500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6bb37db6f290482022-01-04 14:18:59.960root 11241100x80000000000000004278501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ea7b1c1c37c0b2022-01-04 14:18:59.960root 11241100x80000000000000004278502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c0e7338b0692992022-01-04 14:18:59.961root 11241100x80000000000000004278503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2661618ff9a1943a2022-01-04 14:18:59.961root 11241100x80000000000000004278504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376f7c39ead438db2022-01-04 14:18:59.961root 11241100x80000000000000004278505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e5858b744500dc2022-01-04 14:18:59.961root 11241100x80000000000000004278506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c026ed48fef17db22022-01-04 14:18:59.961root 11241100x80000000000000004278507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cf9f1593de41042022-01-04 14:18:59.961root 11241100x80000000000000004278508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d141f3666e844edf2022-01-04 14:18:59.961root 11241100x80000000000000004278509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a22a54aada3e672022-01-04 14:18:59.961root 11241100x80000000000000004278510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d9066e208cf7812022-01-04 14:18:59.961root 11241100x80000000000000004278511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457b41ce93dfa732022-01-04 14:18:59.962root 11241100x80000000000000004278512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f500607d08566c6e2022-01-04 14:18:59.962root 11241100x80000000000000004278513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e1f482b75a3be02022-01-04 14:18:59.962root 11241100x80000000000000004278514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4124ab7bfaffbd242022-01-04 14:18:59.962root 11241100x80000000000000004278515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f62d03e1f11bf02022-01-04 14:18:59.962root 11241100x80000000000000004278516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5a13fd23c5cbd02022-01-04 14:18:59.962root 11241100x80000000000000004278517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5c0f5e756bac092022-01-04 14:18:59.962root 11241100x80000000000000004278518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18506e2dab46a9982022-01-04 14:18:59.963root 11241100x80000000000000004278519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6077a12b1b8a08162022-01-04 14:18:59.963root 11241100x80000000000000004278520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8710cab49ffd5b2022-01-04 14:18:59.963root 11241100x80000000000000004278521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b261b7c067bcba12022-01-04 14:19:00.460root 11241100x80000000000000004278522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0574bee42772f82022-01-04 14:19:00.460root 11241100x80000000000000004278523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77baa01c02f804e02022-01-04 14:19:00.460root 11241100x80000000000000004278524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dd48d14c4b5f3f2022-01-04 14:19:00.460root 11241100x80000000000000004278525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb482b6f442fe5852022-01-04 14:19:00.460root 11241100x80000000000000004278526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe4f89d79b2fd522022-01-04 14:19:00.461root 11241100x80000000000000004278527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a29a84822c60442022-01-04 14:19:00.461root 11241100x80000000000000004278528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712efa2ecaa461432022-01-04 14:19:00.461root 11241100x80000000000000004278529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e82ae059eebe9b12022-01-04 14:19:00.461root 11241100x80000000000000004278530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ba78707e21f9bc2022-01-04 14:19:00.461root 11241100x80000000000000004278531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35786b26b0b67ea42022-01-04 14:19:00.461root 11241100x80000000000000004278532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8761141e4d12032022-01-04 14:19:00.461root 11241100x80000000000000004278533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff8900d0df4ddae2022-01-04 14:19:00.461root 11241100x80000000000000004278534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc860432964a62332022-01-04 14:19:00.461root 11241100x80000000000000004278535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34814395516e60112022-01-04 14:19:00.461root 11241100x80000000000000004278536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9c816312d9f84d2022-01-04 14:19:00.461root 11241100x80000000000000004278537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444159f07b70514a2022-01-04 14:19:00.461root 11241100x80000000000000004278538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c686f91c0d6f0ed52022-01-04 14:19:00.461root 11241100x80000000000000004278539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627e14c62080c802022-01-04 14:19:00.461root 11241100x80000000000000004278540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32c1772f0ec096c2022-01-04 14:19:00.461root 11241100x80000000000000004278541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938f842f1b39155a2022-01-04 14:19:00.462root 11241100x80000000000000004278542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8554635a27eb3a2022-01-04 14:19:00.462root 11241100x80000000000000004278543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd84b81a8f68d2d2022-01-04 14:19:00.462root 11241100x80000000000000004278544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dd5e170460667b2022-01-04 14:19:00.462root 11241100x80000000000000004278545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aa622539d1039b2022-01-04 14:19:00.462root 11241100x80000000000000004278546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16ce48b368059122022-01-04 14:19:00.462root 11241100x80000000000000004278547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af42086947485dd2022-01-04 14:19:00.462root 11241100x80000000000000004278548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f396147c47986c0e2022-01-04 14:19:00.462root 11241100x80000000000000004278549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c110baecec9e1b5f2022-01-04 14:19:00.462root 11241100x80000000000000004278550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b646d7b14c68c8f12022-01-04 14:19:00.462root 11241100x80000000000000004278551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74c417683252e772022-01-04 14:19:00.959root 11241100x80000000000000004278552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400b1a6a8e797cef2022-01-04 14:19:00.960root 11241100x80000000000000004278553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeda70c3e3f5905f2022-01-04 14:19:00.960root 11241100x80000000000000004278554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f4251ed1f3f8a62022-01-04 14:19:00.960root 11241100x80000000000000004278555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efdb003d4e9d5f72022-01-04 14:19:00.960root 11241100x80000000000000004278556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf1ecc01611efba2022-01-04 14:19:00.960root 11241100x80000000000000004278557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a689716d18829e382022-01-04 14:19:00.960root 11241100x80000000000000004278558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00216280bb5394c42022-01-04 14:19:00.960root 11241100x80000000000000004278559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dc30293b5a95222022-01-04 14:19:00.960root 11241100x80000000000000004278560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cc169e075af5632022-01-04 14:19:00.960root 11241100x80000000000000004278561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5cfe0490ca329d2022-01-04 14:19:00.960root 11241100x80000000000000004278562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bead6a4d4e91f752022-01-04 14:19:00.960root 11241100x80000000000000004278563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b595b419dacff97c2022-01-04 14:19:00.961root 11241100x80000000000000004278564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6c956a190749e92022-01-04 14:19:00.961root 11241100x80000000000000004278565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ed37a78afe818d2022-01-04 14:19:00.961root 11241100x80000000000000004278566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7603de01adced1c82022-01-04 14:19:00.961root 11241100x80000000000000004278567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fb701c6dacdbd02022-01-04 14:19:00.961root 11241100x80000000000000004278568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28b52aa55c3d9c12022-01-04 14:19:00.961root 11241100x80000000000000004278569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9132f0d59814f3002022-01-04 14:19:00.961root 11241100x80000000000000004278570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d61dfe0f3dfdad2022-01-04 14:19:00.961root 11241100x80000000000000004278571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c66be92aa7d116e2022-01-04 14:19:00.961root 11241100x80000000000000004278572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8479bdd2bee5df22022-01-04 14:19:00.961root 11241100x80000000000000004278573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250ab569db3d8de82022-01-04 14:19:00.961root 11241100x80000000000000004278574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6566273377786ce2022-01-04 14:19:00.961root 11241100x80000000000000004278575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f221decf99b0082022-01-04 14:19:00.961root 11241100x80000000000000004278576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8802bb2993e18682022-01-04 14:19:00.961root 11241100x80000000000000004278577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebd894dfd1aa3482022-01-04 14:19:00.961root 11241100x80000000000000004278578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488ce21501372c572022-01-04 14:19:00.962root 11241100x80000000000000004278579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1210ab2f0d07dd2022-01-04 14:19:00.962root 11241100x80000000000000004278580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22527a661eda937d2022-01-04 14:19:00.962root 11241100x80000000000000004278581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da3c6cb4cbc72db2022-01-04 14:19:00.962root 11241100x80000000000000004278582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5298b4d0e1f843252022-01-04 14:19:00.962root 11241100x80000000000000004278583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed0f7c6c4a96b4f2022-01-04 14:19:00.962root 11241100x80000000000000004278584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:19:01.221root 11241100x80000000000000004278585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9856145ddc06eb22022-01-04 14:19:01.222root 11241100x80000000000000004278586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f534be099b9aed4f2022-01-04 14:19:01.222root 11241100x80000000000000004278587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23347b80903363e2022-01-04 14:19:01.222root 11241100x80000000000000004278588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d324b11811d6ca72022-01-04 14:19:01.222root 11241100x80000000000000004278589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bae3caa76baffe2022-01-04 14:19:01.223root 11241100x80000000000000004278590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98af03024ab116ed2022-01-04 14:19:01.223root 11241100x80000000000000004278591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03b14e4cdb3657b2022-01-04 14:19:01.223root 11241100x80000000000000004278592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7f746ed0728a2d2022-01-04 14:19:01.223root 11241100x80000000000000004278593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea815d61eec973df2022-01-04 14:19:01.223root 11241100x80000000000000004278594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e3fcd0b211eb072022-01-04 14:19:01.223root 11241100x80000000000000004278595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29f520b8e76ff0f2022-01-04 14:19:01.223root 11241100x80000000000000004278596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a259ce94aaa87f2022-01-04 14:19:01.224root 11241100x80000000000000004278597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f4e7e8f3a32c222022-01-04 14:19:01.224root 11241100x80000000000000004278598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fce4c58f37c279a2022-01-04 14:19:01.224root 11241100x80000000000000004278599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0538565ea6b1462022-01-04 14:19:01.224root 11241100x80000000000000004278600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae955cae7dd9e8332022-01-04 14:19:01.225root 11241100x80000000000000004278601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5854aeeb070c54e12022-01-04 14:19:01.225root 11241100x80000000000000004278602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4879409e38f8552022-01-04 14:19:01.225root 11241100x80000000000000004278603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d71411485d180be2022-01-04 14:19:01.226root 11241100x80000000000000004278604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e36eb1a4ab0917f2022-01-04 14:19:01.226root 11241100x80000000000000004278605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1be9f8a169ff8e02022-01-04 14:19:01.226root 11241100x80000000000000004278606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8790e3d1ce90562022-01-04 14:19:01.226root 11241100x80000000000000004278607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d90824c1fcd6d812022-01-04 14:19:01.226root 11241100x80000000000000004278608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeca28c9fc3bfa12022-01-04 14:19:01.226root 11241100x80000000000000004278609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b05a1759f05fa6a2022-01-04 14:19:01.227root 11241100x80000000000000004278610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60d7ac2c1fa19b22022-01-04 14:19:01.227root 11241100x80000000000000004278611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83a82bb07adddea2022-01-04 14:19:01.227root 11241100x80000000000000004278612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a48b5113a63004c2022-01-04 14:19:01.227root 11241100x80000000000000004278613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66af0cbcbc3358302022-01-04 14:19:01.227root 11241100x80000000000000004278614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf475c55d68e9852022-01-04 14:19:01.228root 11241100x80000000000000004278615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae1d485168ade912022-01-04 14:19:01.228root 11241100x80000000000000004278616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20e07b09b06a2322022-01-04 14:19:01.228root 11241100x80000000000000004278617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814fb54f84df7cc52022-01-04 14:19:01.710root 11241100x80000000000000004278618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e1998a377b30672022-01-04 14:19:01.710root 11241100x80000000000000004278619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44aed098e5f44102022-01-04 14:19:01.710root 11241100x80000000000000004278620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d995742abf2438912022-01-04 14:19:01.710root 11241100x80000000000000004278621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c1b322b7c449042022-01-04 14:19:01.711root 11241100x80000000000000004278622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8979a935ae343ab12022-01-04 14:19:01.711root 11241100x80000000000000004278623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d812f4ccb8a53f442022-01-04 14:19:01.711root 11241100x80000000000000004278624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b614e8dbf29d632022-01-04 14:19:01.711root 11241100x80000000000000004278625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2727324fb19856b72022-01-04 14:19:01.711root 11241100x80000000000000004278626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6332ff24e15dbee32022-01-04 14:19:01.711root 11241100x80000000000000004278627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66174336a5d2831c2022-01-04 14:19:01.711root 11241100x80000000000000004278628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6e2dd3e84635a52022-01-04 14:19:01.711root 11241100x80000000000000004278629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8e7ef8a76eb9a12022-01-04 14:19:01.712root 11241100x80000000000000004278630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdbf81b454f933e2022-01-04 14:19:01.712root 11241100x80000000000000004278631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d097a774aa66e152022-01-04 14:19:01.712root 11241100x80000000000000004278632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f45691d692082762022-01-04 14:19:01.712root 11241100x80000000000000004278633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a36624db911e3f02022-01-04 14:19:01.712root 11241100x80000000000000004278634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a5e688cba17ffc2022-01-04 14:19:01.712root 11241100x80000000000000004278635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411ba43e2f6b81382022-01-04 14:19:01.712root 11241100x80000000000000004278636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9172795939c87c3e2022-01-04 14:19:01.712root 11241100x80000000000000004278637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd455ed1dc595bbc2022-01-04 14:19:01.712root 11241100x80000000000000004278638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c490598bf19c2f9c2022-01-04 14:19:01.712root 11241100x80000000000000004278639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ea274b33db58432022-01-04 14:19:01.712root 11241100x80000000000000004278640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46517920ae4bda172022-01-04 14:19:01.712root 11241100x80000000000000004278641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bd9647ab81451f2022-01-04 14:19:01.713root 11241100x80000000000000004278642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e93481f5e91cb32022-01-04 14:19:01.713root 11241100x80000000000000004278643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b0a6220a8ed6082022-01-04 14:19:01.713root 11241100x80000000000000004278644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6a9f85d9a770542022-01-04 14:19:01.713root 11241100x80000000000000004278645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422ac522e1aba26b2022-01-04 14:19:01.713root 11241100x80000000000000004278646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835dfc1fed9de4312022-01-04 14:19:01.713root 11241100x80000000000000004278647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a3a7346bd670ab2022-01-04 14:19:01.713root 11241100x80000000000000004278648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae0e09c42e23b772022-01-04 14:19:02.209root 11241100x80000000000000004278649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2040c026988e3f212022-01-04 14:19:02.209root 11241100x80000000000000004278650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec91000a8ba377062022-01-04 14:19:02.210root 11241100x80000000000000004278651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1a5358c163f4bf2022-01-04 14:19:02.210root 11241100x80000000000000004278652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e1ea47babece262022-01-04 14:19:02.210root 11241100x80000000000000004278653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb52a815175b01e2022-01-04 14:19:02.210root 11241100x80000000000000004278654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33a94ace5a9dc622022-01-04 14:19:02.211root 11241100x80000000000000004278655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa418bd3ba7975822022-01-04 14:19:02.211root 11241100x80000000000000004278656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46526913882812812022-01-04 14:19:02.211root 11241100x80000000000000004278657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a8c26d65132a692022-01-04 14:19:02.211root 11241100x80000000000000004278658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821dee0671a774f02022-01-04 14:19:02.212root 11241100x80000000000000004278659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8451121bd3c3792f2022-01-04 14:19:02.212root 11241100x80000000000000004278660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c552f1119c42264c2022-01-04 14:19:02.212root 11241100x80000000000000004278661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6ec3c0ebb0792f2022-01-04 14:19:02.212root 11241100x80000000000000004278662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6611568a178a362b2022-01-04 14:19:02.212root 11241100x80000000000000004278663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc91b9f7acf0a052022-01-04 14:19:02.213root 11241100x80000000000000004278664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0288e25cbbf79b882022-01-04 14:19:02.213root 11241100x80000000000000004278665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08e1a7ed34d9a052022-01-04 14:19:02.214root 11241100x80000000000000004278666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f867766a87e0d362022-01-04 14:19:02.214root 11241100x80000000000000004278667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6cf6bddb37303a2022-01-04 14:19:02.214root 11241100x80000000000000004278668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cb5ae3808f31ec2022-01-04 14:19:02.215root 11241100x80000000000000004278669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a5299eff9048142022-01-04 14:19:02.215root 11241100x80000000000000004278670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f10dd2f23bfd5d2022-01-04 14:19:02.215root 11241100x80000000000000004278671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b719e10c0c2a1af2022-01-04 14:19:02.215root 11241100x80000000000000004278672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df1810bc988f6d22022-01-04 14:19:02.215root 11241100x80000000000000004278673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20adadc1007e65a2022-01-04 14:19:02.215root 11241100x80000000000000004278674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f527a032f002f52022-01-04 14:19:02.215root 11241100x80000000000000004278675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05716577693e99762022-01-04 14:19:02.216root 11241100x80000000000000004278676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8780f799782c2cde2022-01-04 14:19:02.216root 11241100x80000000000000004278677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2cc9bfa04e5ac42022-01-04 14:19:02.216root 11241100x80000000000000004278678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b7386fa4adde3f2022-01-04 14:19:02.216root 11241100x80000000000000004278679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f4a1776af85e992022-01-04 14:19:02.217root 11241100x80000000000000004278680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b510665bd4a1942022-01-04 14:19:02.710root 11241100x80000000000000004278681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef54582fcd673f742022-01-04 14:19:02.710root 11241100x80000000000000004278682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacf477caa4a2da72022-01-04 14:19:02.710root 11241100x80000000000000004278683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3ca34a978c55892022-01-04 14:19:02.710root 11241100x80000000000000004278684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c020ca46dd49e372022-01-04 14:19:02.710root 11241100x80000000000000004278685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7993cc6d9ae41a482022-01-04 14:19:02.710root 11241100x80000000000000004278686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a138f47f9e5e12fb2022-01-04 14:19:02.710root 11241100x80000000000000004278687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349b33775064a57e2022-01-04 14:19:02.710root 11241100x80000000000000004278688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77bf406ed8aa9242022-01-04 14:19:02.710root 11241100x80000000000000004278689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa43e5a55446e34c2022-01-04 14:19:02.711root 11241100x80000000000000004278690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe747984a8b5e92022-01-04 14:19:02.711root 11241100x80000000000000004278691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9379b659577f6942022-01-04 14:19:02.711root 11241100x80000000000000004278692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3f50484e0b14312022-01-04 14:19:02.711root 11241100x80000000000000004278693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d575ccf76f837c0f2022-01-04 14:19:02.711root 11241100x80000000000000004278694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64f23b543b55b742022-01-04 14:19:02.711root 11241100x80000000000000004278695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc7fd468ef1da0e2022-01-04 14:19:02.712root 11241100x80000000000000004278696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1dd6b78ae2d66d2022-01-04 14:19:02.712root 11241100x80000000000000004278697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1817021b5c3efe2022-01-04 14:19:02.713root 11241100x80000000000000004278698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092f474d90e607312022-01-04 14:19:02.713root 11241100x80000000000000004278699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ea3774cb95fda92022-01-04 14:19:02.713root 11241100x80000000000000004278700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c9a3ab27db9a5d2022-01-04 14:19:02.714root 11241100x80000000000000004278701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746c322ab397a46f2022-01-04 14:19:02.714root 11241100x80000000000000004278702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766692b02c95631e2022-01-04 14:19:02.715root 11241100x80000000000000004278703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52f4ca3fb06a46c2022-01-04 14:19:02.716root 11241100x80000000000000004278704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa9acc2e86c02292022-01-04 14:19:02.716root 11241100x80000000000000004278705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faeb055f29fe68262022-01-04 14:19:02.716root 11241100x80000000000000004278706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3984757131b125fe2022-01-04 14:19:02.716root 11241100x80000000000000004278707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b9a4e9a7941ac2022-01-04 14:19:02.717root 11241100x80000000000000004278708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c51ae0e818848052022-01-04 14:19:02.717root 11241100x80000000000000004278709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9018ac9d4eacbf2022-01-04 14:19:02.717root 11241100x80000000000000004278710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81aa68c707c4edd2022-01-04 14:19:02.719root 11241100x80000000000000004278711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe8a474ba55a7b32022-01-04 14:19:02.719root 11241100x80000000000000004278712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16c37f6f7d668092022-01-04 14:19:02.722root 11241100x80000000000000004278713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d757553fb0557ff82022-01-04 14:19:02.722root 11241100x80000000000000004278714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b05e88b1931493e2022-01-04 14:19:02.722root 354300x80000000000000004278715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.185{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41516-false10.0.1.12-8000- 11241100x80000000000000004278716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6940381619c9ec52022-01-04 14:19:03.186root 11241100x80000000000000004278717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c215c86d693ea9c22022-01-04 14:19:03.186root 11241100x80000000000000004278718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ca7a2645f148842022-01-04 14:19:03.186root 11241100x80000000000000004278719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017d090bb44474ee2022-01-04 14:19:03.186root 11241100x80000000000000004278720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f5a37e0a10caa22022-01-04 14:19:03.187root 11241100x80000000000000004278721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6dec54a44f189a2022-01-04 14:19:03.187root 11241100x80000000000000004278722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae84762490eb7312022-01-04 14:19:03.187root 11241100x80000000000000004278723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785eeedb26535b872022-01-04 14:19:03.187root 11241100x80000000000000004278724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd82132cd3dd9fa2022-01-04 14:19:03.187root 11241100x80000000000000004278725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae8da0ee87885e72022-01-04 14:19:03.188root 11241100x80000000000000004278726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8d24c2c07c7c9e2022-01-04 14:19:03.188root 11241100x80000000000000004278727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bceb48a9679e102022-01-04 14:19:03.188root 11241100x80000000000000004278728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6c89dc0e91505e2022-01-04 14:19:03.188root 11241100x80000000000000004278729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb3fcb6348d642c2022-01-04 14:19:03.188root 11241100x80000000000000004278730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a918d36c5c70d1fc2022-01-04 14:19:03.189root 11241100x80000000000000004278731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d45d2a5f5e26c4d2022-01-04 14:19:03.189root 11241100x80000000000000004278732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb302f66fb74ea02022-01-04 14:19:03.189root 11241100x80000000000000004278733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.190{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63225b6bdde4fc2c2022-01-04 14:19:03.190root 11241100x80000000000000004278734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4bdace08248c2b2022-01-04 14:19:03.191root 11241100x80000000000000004278735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdfb213bae079502022-01-04 14:19:03.191root 11241100x80000000000000004278736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.192{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909920c49b93538a2022-01-04 14:19:03.192root 11241100x80000000000000004278737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.193{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2cff8814c776012022-01-04 14:19:03.193root 11241100x80000000000000004278738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.193{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16ee6547a5b60ab2022-01-04 14:19:03.193root 11241100x80000000000000004278739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.193{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9847a54c7a83bbba2022-01-04 14:19:03.193root 11241100x80000000000000004278740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.194{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee35d3b8e2b0d7e02022-01-04 14:19:03.194root 11241100x80000000000000004278741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.195{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12480a6556b25fa92022-01-04 14:19:03.195root 11241100x80000000000000004278742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.195{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402ffe03cbdc1bcb2022-01-04 14:19:03.195root 11241100x80000000000000004278743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.195{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c4cc1d964a47ab2022-01-04 14:19:03.195root 11241100x80000000000000004278744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.195{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00fc200b3e5847b2022-01-04 14:19:03.195root 11241100x80000000000000004278745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.196{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac5f8a0d6954c522022-01-04 14:19:03.196root 11241100x80000000000000004278746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fa40d9ef3c01ee2022-01-04 14:19:03.197root 11241100x80000000000000004278747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b006054fab0cea2022-01-04 14:19:03.197root 11241100x80000000000000004278748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd30f2a5edf79532022-01-04 14:19:03.197root 11241100x80000000000000004278749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0d67ce524167e72022-01-04 14:19:03.197root 11241100x80000000000000004278750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ff0c9d97aa12fc2022-01-04 14:19:03.197root 11241100x80000000000000004278751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbca418d8aad27b2022-01-04 14:19:03.198root 11241100x80000000000000004278752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb75534eb7616f52022-01-04 14:19:03.198root 11241100x80000000000000004278753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db08b352ac1df832022-01-04 14:19:03.198root 11241100x80000000000000004278754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb6979c19b7acd12022-01-04 14:19:03.198root 11241100x80000000000000004278755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cfaae985f007792022-01-04 14:19:03.198root 11241100x80000000000000004278756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a3f5420dfc51b92022-01-04 14:19:03.198root 11241100x80000000000000004278757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4a3a5f7ea82e952022-01-04 14:19:03.198root 11241100x80000000000000004278758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15735b27ca27e5392022-01-04 14:19:03.202root 11241100x80000000000000004278759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89769264b79a36162022-01-04 14:19:03.202root 11241100x80000000000000004278760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443e2cfc8be210c32022-01-04 14:19:03.202root 11241100x80000000000000004278761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a81c796a91fafa22022-01-04 14:19:03.202root 11241100x80000000000000004278762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44248f22c919db512022-01-04 14:19:03.202root 11241100x80000000000000004278763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e7d1821434786c2022-01-04 14:19:03.202root 11241100x80000000000000004278764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0d674213aa4d5d2022-01-04 14:19:03.202root 11241100x80000000000000004278765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b56f0de0eb53732022-01-04 14:19:03.459root 11241100x80000000000000004278766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0fb7fb3c9ca8f72022-01-04 14:19:03.460root 11241100x80000000000000004278767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d365abf04ec348a2022-01-04 14:19:03.461root 11241100x80000000000000004278768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a216c4483cff4e8e2022-01-04 14:19:03.461root 11241100x80000000000000004278769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d278544e79e9ae682022-01-04 14:19:03.461root 11241100x80000000000000004278770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4da0260bf76614a2022-01-04 14:19:03.462root 11241100x80000000000000004278771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7264963a064589552022-01-04 14:19:03.462root 11241100x80000000000000004278772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8aa05d2b3561372022-01-04 14:19:03.462root 11241100x80000000000000004278773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55dc193386c2ebd2022-01-04 14:19:03.462root 11241100x80000000000000004278774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18717a077afa36e2022-01-04 14:19:03.463root 11241100x80000000000000004278775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c201d890280e802022-01-04 14:19:03.463root 11241100x80000000000000004278776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f047baf905767e582022-01-04 14:19:03.463root 11241100x80000000000000004278777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e39e2d6c6c8f6cb2022-01-04 14:19:03.465root 11241100x80000000000000004278778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c46414a2ea7ee752022-01-04 14:19:03.465root 11241100x80000000000000004278779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e0e4e0466305fc2022-01-04 14:19:03.465root 11241100x80000000000000004278780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4bc4b24b3155b82022-01-04 14:19:03.465root 11241100x80000000000000004278781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967d1d22bfd673f52022-01-04 14:19:03.465root 11241100x80000000000000004278782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992626270e126da02022-01-04 14:19:03.465root 11241100x80000000000000004278783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74bb51e923dbc832022-01-04 14:19:03.465root 11241100x80000000000000004278784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea92f239d9a053f2022-01-04 14:19:03.465root 11241100x80000000000000004278785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b867c7de9a1da3ab2022-01-04 14:19:03.466root 11241100x80000000000000004278786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fa391b32356c242022-01-04 14:19:03.466root 11241100x80000000000000004278787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1a25c8b8df581d2022-01-04 14:19:03.466root 11241100x80000000000000004278788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8edd8021d4f654d2022-01-04 14:19:03.466root 11241100x80000000000000004278789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc0f4dc883f03082022-01-04 14:19:03.466root 11241100x80000000000000004278790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e92feb2bddc1d42022-01-04 14:19:03.466root 11241100x80000000000000004278791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6882971eebe3353a2022-01-04 14:19:03.466root 11241100x80000000000000004278792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a62fe1f5f37db0e2022-01-04 14:19:03.466root 11241100x80000000000000004278793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d62c3116e592a22022-01-04 14:19:03.466root 11241100x80000000000000004278794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9e5329ef6c74b72022-01-04 14:19:03.466root 11241100x80000000000000004278795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14e0f648333ebff2022-01-04 14:19:03.466root 11241100x80000000000000004278796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ab66a00edddf422022-01-04 14:19:03.466root 11241100x80000000000000004278797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889740d9cb34cb852022-01-04 14:19:03.466root 11241100x80000000000000004278798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7fa48316ebb6cb2022-01-04 14:19:03.959root 11241100x80000000000000004278799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f038b9bb10487442022-01-04 14:19:03.960root 11241100x80000000000000004278800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c7f19d7a6a0d272022-01-04 14:19:03.960root 11241100x80000000000000004278801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e9eb4e42740c862022-01-04 14:19:03.961root 11241100x80000000000000004278802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562d1ac94bb2ff602022-01-04 14:19:03.961root 11241100x80000000000000004278803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06e4f52c93bc38f2022-01-04 14:19:03.961root 11241100x80000000000000004278804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cec5296b94c8c8d2022-01-04 14:19:03.962root 11241100x80000000000000004278805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea75bfe0cdf66f72022-01-04 14:19:03.962root 11241100x80000000000000004278806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca9516db85d713c2022-01-04 14:19:03.962root 11241100x80000000000000004278807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a46c7abc8b6cc32022-01-04 14:19:03.962root 11241100x80000000000000004278808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c2162d23df5bf92022-01-04 14:19:03.963root 11241100x80000000000000004278809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc972e24074e0562022-01-04 14:19:03.963root 11241100x80000000000000004278810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893da47e77c16fe52022-01-04 14:19:03.963root 11241100x80000000000000004278811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fc36e4962b11892022-01-04 14:19:03.963root 11241100x80000000000000004278812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f1bb25674e1e7d2022-01-04 14:19:03.964root 11241100x80000000000000004278813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814d6919ad0ee02f2022-01-04 14:19:03.964root 11241100x80000000000000004278814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7ed5b9387af2f62022-01-04 14:19:03.964root 11241100x80000000000000004278815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac83e38a50e029672022-01-04 14:19:03.964root 11241100x80000000000000004278816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c731dd1ea12c19c62022-01-04 14:19:03.964root 11241100x80000000000000004278817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3ce5043bfae99a2022-01-04 14:19:03.964root 11241100x80000000000000004278818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567b2e4ac40492dc2022-01-04 14:19:03.964root 11241100x80000000000000004278819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b254cfe30235d2022-01-04 14:19:03.965root 11241100x80000000000000004278820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d093279b5cf32e5a2022-01-04 14:19:03.965root 11241100x80000000000000004278821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17672436cf0898a92022-01-04 14:19:03.965root 11241100x80000000000000004278822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c18743a687d02b2022-01-04 14:19:03.965root 11241100x80000000000000004278823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc56e6ff975d9162022-01-04 14:19:03.965root 11241100x80000000000000004278824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf33d293bfb792182022-01-04 14:19:03.965root 11241100x80000000000000004278825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056e97771fbe5ced2022-01-04 14:19:03.966root 11241100x80000000000000004278826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dc479ff61e5a442022-01-04 14:19:03.966root 11241100x80000000000000004278827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e7900a6a2ac2042022-01-04 14:19:03.966root 11241100x80000000000000004278828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bb2a93f0191d542022-01-04 14:19:03.966root 11241100x80000000000000004278829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e49ae7f45ed720f2022-01-04 14:19:03.966root 11241100x80000000000000004278830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b35003aee2482f2022-01-04 14:19:03.966root 23542300x80000000000000004278831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.133{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004278832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d28a5d8322636e12022-01-04 14:19:04.460root 11241100x80000000000000004278833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8f5af515a265082022-01-04 14:19:04.460root 11241100x80000000000000004278834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398e8fd23b6bdcba2022-01-04 14:19:04.460root 11241100x80000000000000004278835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428ccfc00432c3c72022-01-04 14:19:04.460root 11241100x80000000000000004278836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0034e4b8b13157ee2022-01-04 14:19:04.461root 11241100x80000000000000004278837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f30baf9338a37242022-01-04 14:19:04.461root 11241100x80000000000000004278838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e0695871faa8752022-01-04 14:19:04.461root 11241100x80000000000000004278839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a9d62603fb7fb82022-01-04 14:19:04.461root 11241100x80000000000000004278840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee74de491a46f732022-01-04 14:19:04.461root 11241100x80000000000000004278841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eea7f910423e4ad2022-01-04 14:19:04.462root 11241100x80000000000000004278842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b15d248bde06672022-01-04 14:19:04.462root 11241100x80000000000000004278843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7818878fdfd1896f2022-01-04 14:19:04.462root 11241100x80000000000000004278844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85d1c0213e349572022-01-04 14:19:04.462root 11241100x80000000000000004278845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff398096bcfed79b2022-01-04 14:19:04.463root 11241100x80000000000000004278846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dced314a4da03d382022-01-04 14:19:04.463root 11241100x80000000000000004278847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9b87e303abc99e2022-01-04 14:19:04.463root 11241100x80000000000000004278848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bd77941e5df43b2022-01-04 14:19:04.463root 11241100x80000000000000004278849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cc2b94584d4bd52022-01-04 14:19:04.463root 11241100x80000000000000004278850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec85d9a84b09bc752022-01-04 14:19:04.463root 11241100x80000000000000004278851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b653cbe67e3572022-01-04 14:19:04.463root 11241100x80000000000000004278852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1707864126cb002022-01-04 14:19:04.463root 11241100x80000000000000004278853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554c5c39427ede4b2022-01-04 14:19:04.463root 11241100x80000000000000004278854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388cf9043ce52bba2022-01-04 14:19:04.463root 11241100x80000000000000004278855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771548955e3b9ae32022-01-04 14:19:04.464root 11241100x80000000000000004278856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0158d38231d975ec2022-01-04 14:19:04.464root 11241100x80000000000000004278857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a26a233228b8fa2022-01-04 14:19:04.464root 11241100x80000000000000004278858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ced7e166bb2f8d52022-01-04 14:19:04.464root 11241100x80000000000000004278859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ec80c96db280472022-01-04 14:19:04.464root 11241100x80000000000000004278860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc433b08b6c0e3eb2022-01-04 14:19:04.464root 11241100x80000000000000004278861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bf799eaa2950062022-01-04 14:19:04.464root 11241100x80000000000000004278862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949d9c5e6f9b93d82022-01-04 14:19:04.465root 11241100x80000000000000004278863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996759c28096adaa2022-01-04 14:19:04.465root 11241100x80000000000000004278864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6e7c06e35e196c2022-01-04 14:19:04.465root 11241100x80000000000000004278865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8827c2e2ee385e392022-01-04 14:19:04.465root 11241100x80000000000000004278866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2108f358dbcd68ac2022-01-04 14:19:04.465root 11241100x80000000000000004278867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffd74da64e17a4c2022-01-04 14:19:04.465root 11241100x80000000000000004278868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dd27bf38b4564c2022-01-04 14:19:04.960root 11241100x80000000000000004278869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819c6606c5ce2db32022-01-04 14:19:04.960root 11241100x80000000000000004278870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e1a1c903dd66082022-01-04 14:19:04.960root 11241100x80000000000000004278871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c10f443625d4ae2022-01-04 14:19:04.960root 11241100x80000000000000004278872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c298260f1dcd08f62022-01-04 14:19:04.960root 11241100x80000000000000004278873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd4eff3f3297b202022-01-04 14:19:04.960root 11241100x80000000000000004278874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2f9c5cb28699aa2022-01-04 14:19:04.960root 11241100x80000000000000004278875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313cd86a53a207b12022-01-04 14:19:04.961root 11241100x80000000000000004278876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ecf8a782d6e7762022-01-04 14:19:04.961root 11241100x80000000000000004278877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ef5c21d690b1bc2022-01-04 14:19:04.961root 11241100x80000000000000004278878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae618044c16aef1f2022-01-04 14:19:04.961root 11241100x80000000000000004278879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3075db727e5d1bc22022-01-04 14:19:04.961root 11241100x80000000000000004278880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34633125af6d0e522022-01-04 14:19:04.961root 11241100x80000000000000004278881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ac0ca27ee492dc2022-01-04 14:19:04.961root 11241100x80000000000000004278882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b943533ce3937812022-01-04 14:19:04.961root 11241100x80000000000000004278883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2619c90d4aad772022-01-04 14:19:04.961root 11241100x80000000000000004278884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d329d9ae30ba4112022-01-04 14:19:04.961root 11241100x80000000000000004278885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f180ed3e5da65c02022-01-04 14:19:04.962root 11241100x80000000000000004278886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913299174785ca7c2022-01-04 14:19:04.962root 11241100x80000000000000004278887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28e8bc398ac3f732022-01-04 14:19:04.962root 11241100x80000000000000004278888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a084bfba5d0314062022-01-04 14:19:04.962root 11241100x80000000000000004278889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3557e6bcae732f42022-01-04 14:19:04.962root 11241100x80000000000000004278890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cc775c095efe982022-01-04 14:19:04.962root 11241100x80000000000000004278891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09977cf5080ee3872022-01-04 14:19:04.962root 11241100x80000000000000004278892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12201dfc34f267842022-01-04 14:19:04.962root 11241100x80000000000000004278893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7053bbfa7322af2022-01-04 14:19:04.962root 11241100x80000000000000004278894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee70aabdb5ac3022022-01-04 14:19:04.962root 11241100x80000000000000004278895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1f80c316492c22022-01-04 14:19:04.962root 11241100x80000000000000004278896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887be52f625d11462022-01-04 14:19:04.963root 11241100x80000000000000004278897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ab326c995891442022-01-04 14:19:04.963root 11241100x80000000000000004278898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2f469a83cd4282022-01-04 14:19:04.963root 11241100x80000000000000004278899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0657ba75a2af9b72022-01-04 14:19:04.963root 11241100x80000000000000004278900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f967f805480cb4602022-01-04 14:19:04.963root 11241100x80000000000000004278901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0248c6799b267fa2022-01-04 14:19:05.459root 11241100x80000000000000004278902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f7aa1678c587282022-01-04 14:19:05.460root 11241100x80000000000000004278903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2886403b70e3c72022-01-04 14:19:05.460root 11241100x80000000000000004278904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709981d6a43562b12022-01-04 14:19:05.460root 11241100x80000000000000004278905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1e281c9623f0eb2022-01-04 14:19:05.460root 11241100x80000000000000004278906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa958eb2c9875332022-01-04 14:19:05.460root 11241100x80000000000000004278907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a62497949d62472022-01-04 14:19:05.460root 11241100x80000000000000004278908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca928b23a2031a332022-01-04 14:19:05.460root 11241100x80000000000000004278909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cec195e080653472022-01-04 14:19:05.460root 11241100x80000000000000004278910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29cca663bd150482022-01-04 14:19:05.461root 11241100x80000000000000004278911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112c6fe29082b60a2022-01-04 14:19:05.461root 11241100x80000000000000004278912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dc303befac19a42022-01-04 14:19:05.461root 11241100x80000000000000004278913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b919bd76a4edcbfa2022-01-04 14:19:05.461root 11241100x80000000000000004278914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754994f4390496a92022-01-04 14:19:05.461root 11241100x80000000000000004278915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b10a3ba50b97162022-01-04 14:19:05.461root 11241100x80000000000000004278916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897a2fbb8ab607282022-01-04 14:19:05.461root 11241100x80000000000000004278917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b811b6754f22d2192022-01-04 14:19:05.461root 11241100x80000000000000004278918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed74ed29715c3f9a2022-01-04 14:19:05.461root 11241100x80000000000000004278919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6195c13bea52e5452022-01-04 14:19:05.461root 11241100x80000000000000004278920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc51eca7f5b0f5f2022-01-04 14:19:05.462root 11241100x80000000000000004278921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbe7d997b582ae92022-01-04 14:19:05.462root 11241100x80000000000000004278922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b2c7bdd8fb122b2022-01-04 14:19:05.462root 11241100x80000000000000004278923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f580eefedefeb772022-01-04 14:19:05.462root 11241100x80000000000000004278924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a90237b02915ba12022-01-04 14:19:05.462root 11241100x80000000000000004278925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6b9d039e0859bb2022-01-04 14:19:05.462root 11241100x80000000000000004278926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac98f97deabe29e2022-01-04 14:19:05.462root 11241100x80000000000000004278927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb5be5d9db74dd02022-01-04 14:19:05.462root 11241100x80000000000000004278928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8db4f26371a8bac2022-01-04 14:19:05.462root 11241100x80000000000000004278929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb35ce9221c8ae4f2022-01-04 14:19:05.462root 11241100x80000000000000004278930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27c015f1b9e355f2022-01-04 14:19:05.462root 11241100x80000000000000004278931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01319df1d5757a3a2022-01-04 14:19:05.463root 11241100x80000000000000004278932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa56986d140e5df2022-01-04 14:19:05.463root 11241100x80000000000000004278933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2978665b6d150f2f2022-01-04 14:19:05.463root 11241100x80000000000000004278934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c89d2fede2ca172022-01-04 14:19:05.463root 154100x80000000000000004278935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.841{ec2e79f3-5759-61d4-6804-38ce01560000}14879/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000004278936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.842{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd92a558d53c3842022-01-04 14:19:05.842root 11241100x80000000000000004278937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.842{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b0cf8f34d314d62022-01-04 14:19:05.842root 11241100x80000000000000004278938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.842{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071071cd4c06a5ef2022-01-04 14:19:05.842root 11241100x80000000000000004278939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b9805cabac4e3e2022-01-04 14:19:05.843root 11241100x80000000000000004278940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62aeeab6a6d381262022-01-04 14:19:05.843root 11241100x80000000000000004278941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdade244718a9c02022-01-04 14:19:05.843root 11241100x80000000000000004278942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fa7d5530dc751e2022-01-04 14:19:05.843root 11241100x80000000000000004278943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd006fba3c2c5ae22022-01-04 14:19:05.843root 11241100x80000000000000004278944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d20c563583ea4b2022-01-04 14:19:05.843root 11241100x80000000000000004278945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fb1c1a93d02cac2022-01-04 14:19:05.843root 11241100x80000000000000004278946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9153400a979889ed2022-01-04 14:19:05.843root 11241100x80000000000000004278947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c3efaac840efb12022-01-04 14:19:05.843root 11241100x80000000000000004278948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3f6e5293a03d892022-01-04 14:19:05.843root 11241100x80000000000000004278949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8177fcb69d4ded632022-01-04 14:19:05.844root 11241100x80000000000000004278950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ec120650e3344b2022-01-04 14:19:05.844root 11241100x80000000000000004278951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be72d4be7a8168f52022-01-04 14:19:05.844root 11241100x80000000000000004278952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8bfa0d64d3a8812022-01-04 14:19:05.844root 11241100x80000000000000004278953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7696de797f90b72022-01-04 14:19:05.844root 11241100x80000000000000004278954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08395b5a413e8b92022-01-04 14:19:05.844root 11241100x80000000000000004278955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429f4775af6130d22022-01-04 14:19:05.845root 11241100x80000000000000004278956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afe827f2d48f9072022-01-04 14:19:05.845root 11241100x80000000000000004278957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37764ab7d887aab22022-01-04 14:19:05.845root 11241100x80000000000000004278958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c1cda907ce5eee2022-01-04 14:19:05.845root 11241100x80000000000000004278959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6ab81a530117db2022-01-04 14:19:05.845root 11241100x80000000000000004278960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee73a00954cd0eed2022-01-04 14:19:05.845root 11241100x80000000000000004278961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fe66a9b75672c22022-01-04 14:19:05.845root 11241100x80000000000000004278962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5430678e05043162022-01-04 14:19:05.846root 11241100x80000000000000004278963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160d3f4ef5d796852022-01-04 14:19:05.846root 11241100x80000000000000004278964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a61ef9f3e403202022-01-04 14:19:05.846root 11241100x80000000000000004278965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f224b4d4f0894f852022-01-04 14:19:05.846root 11241100x80000000000000004278966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b026feaad5d9892022-01-04 14:19:05.846root 11241100x80000000000000004278967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7386233ce968cdc52022-01-04 14:19:05.846root 11241100x80000000000000004278968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.847{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19aa910c005482e02022-01-04 14:19:05.847root 11241100x80000000000000004278969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.849{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0720fc96b4564cdd2022-01-04 14:19:05.849root 534500x80000000000000004278970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.854{ec2e79f3-5759-61d4-6804-38ce01560000}14879/bin/psroot 354300x80000000000000004278971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.155{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse93.104.77.114-57674-false10.0.1.25-22- 11241100x80000000000000004278972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.155{ec2e79f3-575a-61d4-0000-000000000000}14880/usr/sbin/sshd/proc/14880/oom_score_adj2022-01-04 14:19:06.155root 154100x80000000000000004278973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.155{ec2e79f3-575a-61d4-e017-76fa68550000}14880/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 11241100x80000000000000004278974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a944cdbd7166c8a52022-01-04 14:19:06.156root 11241100x80000000000000004278975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68088dd92de2b0f12022-01-04 14:19:06.156root 11241100x80000000000000004278976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb309371f48fa44c2022-01-04 14:19:06.156root 11241100x80000000000000004278977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a5fa2523328cf32022-01-04 14:19:06.157root 11241100x80000000000000004278978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c75a27aac0b61632022-01-04 14:19:06.157root 11241100x80000000000000004278979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746a3be715f20e3a2022-01-04 14:19:06.157root 11241100x80000000000000004278980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad93121ecf8e92f92022-01-04 14:19:06.157root 11241100x80000000000000004278981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f44aab86fbff5c2022-01-04 14:19:06.157root 11241100x80000000000000004278982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc81cbf086bffad2022-01-04 14:19:06.157root 11241100x80000000000000004278983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9676abc50ffd692022-01-04 14:19:06.158root 11241100x80000000000000004278984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e533292af662b15d2022-01-04 14:19:06.158root 11241100x80000000000000004278985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed55c20ded63cc72022-01-04 14:19:06.158root 11241100x80000000000000004278986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c4935ccbec2b102022-01-04 14:19:06.158root 11241100x80000000000000004278987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cc7802eb8c40de2022-01-04 14:19:06.158root 11241100x80000000000000004278988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6f00b4bd804b342022-01-04 14:19:06.158root 11241100x80000000000000004278989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e56d45b77782be42022-01-04 14:19:06.158root 11241100x80000000000000004278990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99df4b24e6381d72022-01-04 14:19:06.158root 11241100x80000000000000004278991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a2bbb0b7f37e952022-01-04 14:19:06.158root 11241100x80000000000000004278992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.159{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d3ab6e7a004c0b2022-01-04 14:19:06.159root 11241100x80000000000000004278993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49791b8c8fcb3102022-01-04 14:19:06.160root 11241100x80000000000000004278994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9dc7d773f12d632022-01-04 14:19:06.160root 11241100x80000000000000004278995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3112d64badc2ba92022-01-04 14:19:06.160root 11241100x80000000000000004278996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdc0ea1de68353d2022-01-04 14:19:06.160root 11241100x80000000000000004278997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5307bd29650fe8372022-01-04 14:19:06.160root 11241100x80000000000000004278998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ae065c51ecf6132022-01-04 14:19:06.160root 11241100x80000000000000004278999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc0dd13cf6e25e92022-01-04 14:19:06.160root 11241100x80000000000000004279000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034ef53aa4360ee2022-01-04 14:19:06.160root 11241100x80000000000000004279001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6def2db81d0195322022-01-04 14:19:06.160root 11241100x80000000000000004279002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eb89b8edb3c3482022-01-04 14:19:06.162root 11241100x80000000000000004279003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f1b4efa1fd97182022-01-04 14:19:06.162root 11241100x80000000000000004279004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b173cf9f34fab2022-01-04 14:19:06.162root 11241100x80000000000000004279005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97907067c4fd2d332022-01-04 14:19:06.162root 11241100x80000000000000004279006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a532e7673d2c7e5b2022-01-04 14:19:06.162root 11241100x80000000000000004279007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ff84c70667f17f2022-01-04 14:19:06.162root 11241100x80000000000000004279008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0065766b8a7ca6b62022-01-04 14:19:06.162root 11241100x80000000000000004279009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53772bb28db842bd2022-01-04 14:19:06.162root 11241100x80000000000000004279010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbbe477f24bf33a2022-01-04 14:19:06.163root 11241100x80000000000000004279011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9103122b701bee092022-01-04 14:19:06.164root 11241100x80000000000000004279012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df54082cd9cc2d92022-01-04 14:19:06.164root 11241100x80000000000000004279013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd32950403e9c0322022-01-04 14:19:06.164root 11241100x80000000000000004279014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65839cbf42659b1f2022-01-04 14:19:06.164root 11241100x80000000000000004279015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e185cfb338ad6392022-01-04 14:19:06.164root 11241100x80000000000000004279016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aa091cde7db8b92022-01-04 14:19:06.164root 11241100x80000000000000004279017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51542823e9aacbb82022-01-04 14:19:06.164root 11241100x80000000000000004279018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b111c3edd08cee2022-01-04 14:19:06.165root 11241100x80000000000000004279019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fdea9716c17f122022-01-04 14:19:06.166root 11241100x80000000000000004279020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4018ca1b514e8aca2022-01-04 14:19:06.166root 11241100x80000000000000004279021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f463d1aa3514c0e2022-01-04 14:19:06.166root 11241100x80000000000000004279022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3256eb6fca126dd2022-01-04 14:19:06.166root 11241100x80000000000000004279023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341b6066a766e50b2022-01-04 14:19:06.166root 11241100x80000000000000004279024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b218b7195081b2022-01-04 14:19:06.166root 11241100x80000000000000004279025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46246a7742f9bf6f2022-01-04 14:19:06.167root 11241100x80000000000000004279026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7238bd552063138f2022-01-04 14:19:06.167root 11241100x80000000000000004279027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00a94a467c02e682022-01-04 14:19:06.167root 11241100x80000000000000004279028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc61c800f07edcee2022-01-04 14:19:06.167root 11241100x80000000000000004279029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.168{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ae0bf57ad751962022-01-04 14:19:06.168root 11241100x80000000000000004279030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478b5fa623f00d112022-01-04 14:19:06.169root 11241100x80000000000000004279031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3df8385f85cc452022-01-04 14:19:06.169root 11241100x80000000000000004279032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb155083b22781ab2022-01-04 14:19:06.169root 11241100x80000000000000004279033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb995980ad1c2bf42022-01-04 14:19:06.169root 11241100x80000000000000004279034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffef817a5a179c7b2022-01-04 14:19:06.169root 11241100x80000000000000004279035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e342612126dc7a2022-01-04 14:19:06.169root 11241100x80000000000000004279036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71a39963bbd7af92022-01-04 14:19:06.169root 11241100x80000000000000004279037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63b8a73234386442022-01-04 14:19:06.169root 11241100x80000000000000004279038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28fc52a360e40b82022-01-04 14:19:06.169root 11241100x80000000000000004279039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.170{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8867ca8e03515ef2022-01-04 14:19:06.170root 11241100x80000000000000004279040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015f25c5c324b89a2022-01-04 14:19:06.459root 11241100x80000000000000004279041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6ba2ced7fdb1682022-01-04 14:19:06.459root 11241100x80000000000000004279042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f969ff541873452022-01-04 14:19:06.459root 11241100x80000000000000004279043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66227f29c1a54a342022-01-04 14:19:06.459root 11241100x80000000000000004279044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c6d3590831e2b52022-01-04 14:19:06.459root 11241100x80000000000000004279045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ae9ebcbe041a382022-01-04 14:19:06.459root 11241100x80000000000000004279046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66480084e5843332022-01-04 14:19:06.460root 11241100x80000000000000004279047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8c838894f4ab252022-01-04 14:19:06.460root 11241100x80000000000000004279048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5800c092fe2dd1502022-01-04 14:19:06.460root 11241100x80000000000000004279049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764d2ef5d939a0602022-01-04 14:19:06.460root 11241100x80000000000000004279050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee461d4bd7beed12022-01-04 14:19:06.460root 11241100x80000000000000004279051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbd5c10dc3cb2b42022-01-04 14:19:06.460root 11241100x80000000000000004279052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1bf05cc7c88af42022-01-04 14:19:06.460root 11241100x80000000000000004279053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d787918ec9693e7e2022-01-04 14:19:06.460root 11241100x80000000000000004279054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce84e71c075259ab2022-01-04 14:19:06.460root 11241100x80000000000000004279055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35ab698db50db012022-01-04 14:19:06.460root 11241100x80000000000000004279056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554e35022723e0142022-01-04 14:19:06.460root 11241100x80000000000000004279057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c6e8943894a6702022-01-04 14:19:06.461root 11241100x80000000000000004279058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4119924b0e1c20222022-01-04 14:19:06.461root 11241100x80000000000000004279059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507aaf1b365a84a22022-01-04 14:19:06.461root 11241100x80000000000000004279060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442b038d9ba9e35a2022-01-04 14:19:06.461root 11241100x80000000000000004279061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad93efe4c9f1c062022-01-04 14:19:06.461root 11241100x80000000000000004279062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f3be5b717a0bea2022-01-04 14:19:06.461root 11241100x80000000000000004279063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94649aba275540a12022-01-04 14:19:06.461root 11241100x80000000000000004279064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b8d16aa81d1e522022-01-04 14:19:06.461root 11241100x80000000000000004279065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe5aa710db514162022-01-04 14:19:06.461root 11241100x80000000000000004279066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520acf667bd05caa2022-01-04 14:19:06.461root 11241100x80000000000000004279067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fab2ef100f87a82022-01-04 14:19:06.462root 11241100x80000000000000004279068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b29dade03ace8fe2022-01-04 14:19:06.462root 11241100x80000000000000004279069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2d37875246c2432022-01-04 14:19:06.462root 11241100x80000000000000004279070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef269f956bc8fbf2022-01-04 14:19:06.462root 11241100x80000000000000004279071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adaccd7505734112022-01-04 14:19:06.462root 11241100x80000000000000004279072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a01904100ed8c42022-01-04 14:19:06.462root 11241100x80000000000000004279073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56939b656c6969872022-01-04 14:19:06.462root 11241100x80000000000000004279074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1033863413cf71e92022-01-04 14:19:06.462root 11241100x80000000000000004279075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca1e5bd6cf3e05d2022-01-04 14:19:06.462root 11241100x80000000000000004279076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8d94be8a49052b2022-01-04 14:19:06.462root 11241100x80000000000000004279077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccbaa811a79c3e52022-01-04 14:19:06.462root 11241100x80000000000000004279078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa39216c486b96102022-01-04 14:19:06.462root 11241100x80000000000000004279079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3847b67b32f8ee2022-01-04 14:19:06.462root 11241100x80000000000000004279080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f037b922d2d011852022-01-04 14:19:06.463root 11241100x80000000000000004279081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b3f9e0646c38ed2022-01-04 14:19:06.463root 11241100x80000000000000004279082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9b59e20d2bb61e2022-01-04 14:19:06.463root 11241100x80000000000000004279083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d7bb0f0f6d3f792022-01-04 14:19:06.463root 11241100x80000000000000004279084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a5e0af958f549b2022-01-04 14:19:06.960root 11241100x80000000000000004279085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eca5287446f09df2022-01-04 14:19:06.960root 11241100x80000000000000004279086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de20b822a577be42022-01-04 14:19:06.960root 11241100x80000000000000004279087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd66fe189b08dde82022-01-04 14:19:06.960root 11241100x80000000000000004279088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec3649bc2f7d9a82022-01-04 14:19:06.960root 11241100x80000000000000004279089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e94e25b127ed962022-01-04 14:19:06.960root 11241100x80000000000000004279090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0002c13ae2a74d7a2022-01-04 14:19:06.960root 11241100x80000000000000004279091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317803c4f684c17f2022-01-04 14:19:06.960root 11241100x80000000000000004279092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c8931a61c1c7b72022-01-04 14:19:06.960root 11241100x80000000000000004279093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0a6cdfb514533a2022-01-04 14:19:06.960root 11241100x80000000000000004279094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d08ee4fcd84b602022-01-04 14:19:06.960root 11241100x80000000000000004279095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4cd116dcc40f152022-01-04 14:19:06.961root 11241100x80000000000000004279096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033becc6254cf7502022-01-04 14:19:06.961root 11241100x80000000000000004279097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb70a09f43292a12022-01-04 14:19:06.961root 11241100x80000000000000004279098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990cf4dd8123bbe42022-01-04 14:19:06.961root 11241100x80000000000000004279099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28bbf9f7e3ca5ed2022-01-04 14:19:06.961root 11241100x80000000000000004279100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce52a9f9bfff6ee2022-01-04 14:19:06.961root 11241100x80000000000000004279101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56403e98b90928ec2022-01-04 14:19:06.961root 11241100x80000000000000004279102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8554b5d3745ea8582022-01-04 14:19:06.961root 11241100x80000000000000004279103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabe9781f9bb49b12022-01-04 14:19:06.961root 11241100x80000000000000004279104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7293472e06cd4302022-01-04 14:19:06.961root 11241100x80000000000000004279105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a99c581f20f61a12022-01-04 14:19:06.961root 11241100x80000000000000004279106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa372eabc2d3ad22022-01-04 14:19:06.961root 11241100x80000000000000004279107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f394d46fac4fc2022-01-04 14:19:06.961root 11241100x80000000000000004279108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d500484a2aa32ef2022-01-04 14:19:06.961root 11241100x80000000000000004279109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616ae58d1385e4952022-01-04 14:19:06.962root 11241100x80000000000000004279110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c23378989a2c02e2022-01-04 14:19:06.962root 11241100x80000000000000004279111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfe58ff1f9063422022-01-04 14:19:06.962root 11241100x80000000000000004279112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42595c259e79b552022-01-04 14:19:06.962root 11241100x80000000000000004279113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774a418d21158c002022-01-04 14:19:06.962root 11241100x80000000000000004279114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7910d58b5ab144ca2022-01-04 14:19:06.962root 11241100x80000000000000004279115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f3e1ad2da5d27f2022-01-04 14:19:06.962root 11241100x80000000000000004279116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c70cd713b7909142022-01-04 14:19:06.962root 11241100x80000000000000004279117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a2ee14d5b0b68c2022-01-04 14:19:06.962root 11241100x80000000000000004279118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815bba33051dc0c12022-01-04 14:19:06.962root 11241100x80000000000000004279119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f72a70844a5eb62022-01-04 14:19:06.962root 11241100x80000000000000004279120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833e58b31611db732022-01-04 14:19:06.962root 11241100x80000000000000004279121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360a6ddaa969e1892022-01-04 14:19:06.962root 11241100x80000000000000004279122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cac7eb93805f122022-01-04 14:19:06.962root 11241100x80000000000000004279123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b7e42df5c6ae982022-01-04 14:19:07.459root 11241100x80000000000000004279124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05eeba4a632844a2022-01-04 14:19:07.460root 11241100x80000000000000004279125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ea980382af4e9a2022-01-04 14:19:07.460root 11241100x80000000000000004279126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df378ef28b28fe042022-01-04 14:19:07.460root 11241100x80000000000000004279127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd249e48eceb3062022-01-04 14:19:07.460root 11241100x80000000000000004279128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a05d03ab3ac26d2022-01-04 14:19:07.460root 11241100x80000000000000004279129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e41097acfce0932022-01-04 14:19:07.461root 11241100x80000000000000004279130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b336981c690fe0d2022-01-04 14:19:07.461root 11241100x80000000000000004279131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c97bee4ceae6842022-01-04 14:19:07.461root 11241100x80000000000000004279132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552f2b83c6eecfb12022-01-04 14:19:07.461root 11241100x80000000000000004279133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92a969c018d1fb32022-01-04 14:19:07.461root 11241100x80000000000000004279134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979e7153b567992e2022-01-04 14:19:07.462root 11241100x80000000000000004279135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4c9e606e2b1cb72022-01-04 14:19:07.462root 11241100x80000000000000004279136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb66ddfada11bc722022-01-04 14:19:07.462root 11241100x80000000000000004279137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc95195dc966897a2022-01-04 14:19:07.462root 11241100x80000000000000004279138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6abe46b036dc9ab2022-01-04 14:19:07.462root 11241100x80000000000000004279139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b22b7a97fb1ba292022-01-04 14:19:07.462root 11241100x80000000000000004279140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5911a50501877a0a2022-01-04 14:19:07.463root 11241100x80000000000000004279141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d6231060f5831c2022-01-04 14:19:07.463root 11241100x80000000000000004279142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d519cd8bd63a682022-01-04 14:19:07.463root 11241100x80000000000000004279143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b9f3f5e6d954502022-01-04 14:19:07.463root 11241100x80000000000000004279144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa35505c28d7be912022-01-04 14:19:07.463root 11241100x80000000000000004279145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2cd3456bed20ce2022-01-04 14:19:07.463root 11241100x80000000000000004279146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30af65ee8ce71d652022-01-04 14:19:07.464root 11241100x80000000000000004279147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34f94292accee072022-01-04 14:19:07.464root 11241100x80000000000000004279148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496e5bd096d27aa22022-01-04 14:19:07.464root 11241100x80000000000000004279149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5bd783ab06a50e2022-01-04 14:19:07.464root 11241100x80000000000000004279150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2aff6ac913bddd2022-01-04 14:19:07.464root 11241100x80000000000000004279151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f10e39c0e551a1b2022-01-04 14:19:07.465root 11241100x80000000000000004279152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b1af0df85a5da72022-01-04 14:19:07.465root 11241100x80000000000000004279153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33961cabdda8d94a2022-01-04 14:19:07.465root 11241100x80000000000000004279154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2ebd2e6b37bfef2022-01-04 14:19:07.465root 11241100x80000000000000004279155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a8040d11e805b22022-01-04 14:19:07.465root 11241100x80000000000000004279156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934b2346e1229ef22022-01-04 14:19:07.465root 11241100x80000000000000004279157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75a33bc5b4409762022-01-04 14:19:07.465root 11241100x80000000000000004279158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299396ba5110ce6d2022-01-04 14:19:07.465root 11241100x80000000000000004279159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621acf8fa23a569a2022-01-04 14:19:07.465root 11241100x80000000000000004279160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e85fe92da2eacf2022-01-04 14:19:07.465root 11241100x80000000000000004279161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7772e9b9bd6cc2472022-01-04 14:19:07.465root 11241100x80000000000000004279162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284066da18135a912022-01-04 14:19:07.465root 11241100x80000000000000004279163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dd2e08990a7e042022-01-04 14:19:07.465root 11241100x80000000000000004279164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc131798399cd1a2022-01-04 14:19:07.465root 11241100x80000000000000004279165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dcad0a57f24e8d2022-01-04 14:19:07.959root 11241100x80000000000000004279166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658fa93a2cffdde32022-01-04 14:19:07.959root 11241100x80000000000000004279167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e9f259605748462022-01-04 14:19:07.960root 11241100x80000000000000004279168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f1da2bae20429e2022-01-04 14:19:07.960root 11241100x80000000000000004279169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b579366d4cc82fa42022-01-04 14:19:07.960root 11241100x80000000000000004279170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3d212ff55643702022-01-04 14:19:07.960root 11241100x80000000000000004279171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2253c153db3c24a12022-01-04 14:19:07.960root 11241100x80000000000000004279172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cb5288a2d197ba2022-01-04 14:19:07.960root 11241100x80000000000000004279173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2a3cdf1ede86712022-01-04 14:19:07.960root 11241100x80000000000000004279174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441bd2a4a959333b2022-01-04 14:19:07.960root 11241100x80000000000000004279175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c0374bd6ca0f652022-01-04 14:19:07.960root 11241100x80000000000000004279176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0679cd985c9fe1af2022-01-04 14:19:07.961root 11241100x80000000000000004279177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e792eb2b2b2ecfdc2022-01-04 14:19:07.961root 11241100x80000000000000004279178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fcd78c4d0dad612022-01-04 14:19:07.961root 11241100x80000000000000004279179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b0d485c0d424572022-01-04 14:19:07.961root 11241100x80000000000000004279180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f953314974fcd82022-01-04 14:19:07.962root 11241100x80000000000000004279181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cfae1b3c17a16f2022-01-04 14:19:07.962root 11241100x80000000000000004279182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd13ac8e26bf8a2022-01-04 14:19:07.962root 11241100x80000000000000004279183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a183c47585177d62022-01-04 14:19:07.962root 11241100x80000000000000004279184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b929f6a04d76eb2022-01-04 14:19:07.962root 11241100x80000000000000004279185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09860dead074dcb82022-01-04 14:19:07.962root 11241100x80000000000000004279186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8865bd6d46a7d22022-01-04 14:19:07.962root 11241100x80000000000000004279187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a12fda4819a1272022-01-04 14:19:07.962root 11241100x80000000000000004279188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdd371413d158c52022-01-04 14:19:07.962root 11241100x80000000000000004279189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69a363503688cf2022-01-04 14:19:07.962root 11241100x80000000000000004279190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaef88fb04c22bbe2022-01-04 14:19:07.962root 11241100x80000000000000004279191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1c698a3539e1bd2022-01-04 14:19:07.963root 11241100x80000000000000004279192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe12bcb21b3ae322022-01-04 14:19:07.963root 11241100x80000000000000004279193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf89af9a37038d2c2022-01-04 14:19:07.963root 11241100x80000000000000004279194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de629b5377a122a2022-01-04 14:19:07.963root 11241100x80000000000000004279195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf5e6d85347e5292022-01-04 14:19:07.963root 11241100x80000000000000004279196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e288815f14f907a92022-01-04 14:19:07.964root 11241100x80000000000000004279197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ca75efcd83e4842022-01-04 14:19:07.964root 11241100x80000000000000004279198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b79599e4938b2102022-01-04 14:19:07.964root 11241100x80000000000000004279199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b38b354913ed572022-01-04 14:19:07.964root 11241100x80000000000000004279200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0cab8920aa27542022-01-04 14:19:07.964root 11241100x80000000000000004279201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3142507118fdbe2022-01-04 14:19:07.965root 11241100x80000000000000004279202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b66377d47f512f2022-01-04 14:19:07.965root 11241100x80000000000000004279203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5afb6af8882cea42022-01-04 14:19:07.965root 11241100x80000000000000004279204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e8b83d3b2ad0e62022-01-04 14:19:07.965root 11241100x80000000000000004279205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb68636febca18f2022-01-04 14:19:07.965root 11241100x80000000000000004279206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2219eca59d553fb2022-01-04 14:19:07.965root 11241100x80000000000000004279207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf9f6bb20e193942022-01-04 14:19:07.965root 11241100x80000000000000004279208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09901b145b451412022-01-04 14:19:07.966root 11241100x80000000000000004279209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d5b6cead0d699e2022-01-04 14:19:07.966root 11241100x80000000000000004279210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccd0ff0c3b673f12022-01-04 14:19:08.459root 11241100x80000000000000004279211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70833f7948d7ad922022-01-04 14:19:08.459root 11241100x80000000000000004279212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7583f21ebcd2962022-01-04 14:19:08.459root 11241100x80000000000000004279213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7122443fb2cb93f12022-01-04 14:19:08.460root 11241100x80000000000000004279214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf53edcb5b361f02022-01-04 14:19:08.460root 11241100x80000000000000004279215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7141f565d40888352022-01-04 14:19:08.460root 11241100x80000000000000004279216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8150fd44742560e2022-01-04 14:19:08.460root 11241100x80000000000000004279217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec989d70889eadf2022-01-04 14:19:08.460root 11241100x80000000000000004279218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32acdc8b0971b9942022-01-04 14:19:08.460root 11241100x80000000000000004279219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c9b73a0fdb19d32022-01-04 14:19:08.460root 11241100x80000000000000004279220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e000742e71f11e152022-01-04 14:19:08.460root 11241100x80000000000000004279221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea6af583709f2092022-01-04 14:19:08.460root 11241100x80000000000000004279222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7677643f9c0cd3f32022-01-04 14:19:08.460root 11241100x80000000000000004279223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6299603a90703002022-01-04 14:19:08.460root 11241100x80000000000000004279224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144d98f299dc7f492022-01-04 14:19:08.460root 11241100x80000000000000004279225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696514f4b0b6788c2022-01-04 14:19:08.461root 11241100x80000000000000004279226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a1dea64d46a4ee2022-01-04 14:19:08.461root 11241100x80000000000000004279227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6311d6023c24832022-01-04 14:19:08.461root 11241100x80000000000000004279228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6c09367e98dab82022-01-04 14:19:08.461root 11241100x80000000000000004279229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf9da39915cb55a2022-01-04 14:19:08.461root 11241100x80000000000000004279230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38eb2b5f4e2ccb4f2022-01-04 14:19:08.461root 11241100x80000000000000004279231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c4064f47384a6e2022-01-04 14:19:08.461root 11241100x80000000000000004279232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55080a1d842030d2022-01-04 14:19:08.461root 11241100x80000000000000004279233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8826e1569102d9b32022-01-04 14:19:08.461root 11241100x80000000000000004279234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d203736c7877a962022-01-04 14:19:08.461root 11241100x80000000000000004279235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f3b60c0eb054542022-01-04 14:19:08.461root 11241100x80000000000000004279236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bff1c5bd9f45cd2022-01-04 14:19:08.461root 11241100x80000000000000004279237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39415794010e09662022-01-04 14:19:08.461root 11241100x80000000000000004279238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196089b5f704b0d32022-01-04 14:19:08.462root 11241100x80000000000000004279239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d8077c74646ae92022-01-04 14:19:08.462root 11241100x80000000000000004279240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0a4e7110bfdf7a2022-01-04 14:19:08.462root 11241100x80000000000000004279241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65c469321ddc55d2022-01-04 14:19:08.462root 11241100x80000000000000004279242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e91dc0a6bdd3ff2022-01-04 14:19:08.462root 11241100x80000000000000004279243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5fd1972ae59efd2022-01-04 14:19:08.463root 11241100x80000000000000004279244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835759a513a46db22022-01-04 14:19:08.463root 11241100x80000000000000004279245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0487bdc60d1d1db52022-01-04 14:19:08.463root 11241100x80000000000000004279246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a31203c604d8de92022-01-04 14:19:08.465root 11241100x80000000000000004279247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96a4ebe46b4513c2022-01-04 14:19:08.465root 11241100x80000000000000004279248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7970fac8ba94eb2022-01-04 14:19:08.465root 11241100x80000000000000004279249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc6927e9e01065f2022-01-04 14:19:08.465root 11241100x80000000000000004279250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd9cff62d2204692022-01-04 14:19:08.465root 11241100x80000000000000004279251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba40d341a4a04af02022-01-04 14:19:08.466root 11241100x80000000000000004279252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d796b2e86bd9b1ea2022-01-04 14:19:08.466root 11241100x80000000000000004279253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3cabf54fb888792022-01-04 14:19:08.466root 11241100x80000000000000004279254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcee8061e47cdac2022-01-04 14:19:08.466root 11241100x80000000000000004279255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe38fe05aacb8b6a2022-01-04 14:19:08.466root 11241100x80000000000000004279256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f02e089856dd052022-01-04 14:19:08.466root 11241100x80000000000000004279257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10c4b3c1742987f2022-01-04 14:19:08.959root 11241100x80000000000000004279258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670dddbc833bb85f2022-01-04 14:19:08.959root 11241100x80000000000000004279259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5616a2ee9aef8f2022-01-04 14:19:08.959root 11241100x80000000000000004279260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e27750a4bc9ee02022-01-04 14:19:08.959root 11241100x80000000000000004279261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43730e464c59b622022-01-04 14:19:08.959root 11241100x80000000000000004279262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a570cfb8bff685c2022-01-04 14:19:08.960root 11241100x80000000000000004279263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fb411e55348ef82022-01-04 14:19:08.960root 11241100x80000000000000004279264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac7920e4fc8d81c2022-01-04 14:19:08.960root 11241100x80000000000000004279265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c03425c9c8121062022-01-04 14:19:08.960root 11241100x80000000000000004279266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334893f64648b9292022-01-04 14:19:08.960root 11241100x80000000000000004279267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b31e775fc021fa2022-01-04 14:19:08.960root 11241100x80000000000000004279268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4579b1932dedd6e22022-01-04 14:19:08.960root 11241100x80000000000000004279269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1048f4f89c74a1d22022-01-04 14:19:08.960root 11241100x80000000000000004279270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bf882a0fc3e2862022-01-04 14:19:08.960root 11241100x80000000000000004279271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e02c04ecec048ad2022-01-04 14:19:08.960root 11241100x80000000000000004279272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b87e57b6165e112022-01-04 14:19:08.960root 11241100x80000000000000004279273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b57c36b254459a32022-01-04 14:19:08.960root 11241100x80000000000000004279274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59434f958df42fba2022-01-04 14:19:08.960root 11241100x80000000000000004279275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163b626536d850dd2022-01-04 14:19:08.961root 11241100x80000000000000004279276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a0616626978aef2022-01-04 14:19:08.961root 11241100x80000000000000004279277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4573807877ae0a32022-01-04 14:19:08.961root 11241100x80000000000000004279278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadf10a14e9d49bf2022-01-04 14:19:08.961root 11241100x80000000000000004279279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160f3f1c35bec9712022-01-04 14:19:08.961root 11241100x80000000000000004279280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1043f3a71a7fbb332022-01-04 14:19:08.961root 11241100x80000000000000004279281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe15aa232e57f6f2022-01-04 14:19:08.961root 11241100x80000000000000004279282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76031e86780497622022-01-04 14:19:08.961root 11241100x80000000000000004279283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda60888e013725f2022-01-04 14:19:08.961root 11241100x80000000000000004279284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc69689f33d51872022-01-04 14:19:08.961root 11241100x80000000000000004279285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f65ec0093793142022-01-04 14:19:08.961root 11241100x80000000000000004279286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c557e49fc615702022-01-04 14:19:08.961root 11241100x80000000000000004279287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1f4341ae9639592022-01-04 14:19:08.961root 11241100x80000000000000004279288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0505224ca0b97fa42022-01-04 14:19:08.961root 11241100x80000000000000004279289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6e0581ed32ca7f2022-01-04 14:19:08.961root 11241100x80000000000000004279290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ee3902a27f0a752022-01-04 14:19:08.962root 11241100x80000000000000004279291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8bb487492b13032022-01-04 14:19:08.962root 11241100x80000000000000004279292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860f00e031b58f7a2022-01-04 14:19:08.962root 11241100x80000000000000004279293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29f87c0901f95e62022-01-04 14:19:08.962root 11241100x80000000000000004279294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c6fbeec1f0e3202022-01-04 14:19:08.962root 11241100x80000000000000004279295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a941a071871f3182022-01-04 14:19:08.962root 11241100x80000000000000004279296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e045c2f546ee8a2022-01-04 14:19:08.962root 11241100x80000000000000004279297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1e1e863d02d0862022-01-04 14:19:08.962root 11241100x80000000000000004279298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e74dbaa4a99a2f2022-01-04 14:19:08.962root 11241100x80000000000000004279299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf1a82604ee945e2022-01-04 14:19:08.962root 11241100x80000000000000004279300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5c3afda4fff0982022-01-04 14:19:08.962root 11241100x80000000000000004279301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f474a8a5fb9b2b2022-01-04 14:19:08.962root 11241100x80000000000000004279302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c8fe9e2df9b6cf2022-01-04 14:19:08.962root 11241100x80000000000000004279303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e331aac6cf3a3e2022-01-04 14:19:08.962root 11241100x80000000000000004279304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ca2353b47ce0232022-01-04 14:19:08.962root 11241100x80000000000000004279305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07efd1980991a09d2022-01-04 14:19:08.963root 11241100x80000000000000004279306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9807cfc0c58262022-01-04 14:19:08.963root 11241100x80000000000000004279307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e75169a13f50f02022-01-04 14:19:08.963root 11241100x80000000000000004279308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cdcdfc2d010fda2022-01-04 14:19:08.963root 11241100x80000000000000004279309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e861117d9d8257ed2022-01-04 14:19:08.963root 11241100x80000000000000004279310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54789bb0b88765cb2022-01-04 14:19:08.963root 11241100x80000000000000004279311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01801a275e6607f2022-01-04 14:19:08.964root 11241100x80000000000000004279312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06932038a532ed3b2022-01-04 14:19:08.964root 11241100x80000000000000004279313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dca4be74f4edba2022-01-04 14:19:08.964root 11241100x80000000000000004279314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff66c4bd288425ff2022-01-04 14:19:08.964root 11241100x80000000000000004279315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc64b6b262f6517a2022-01-04 14:19:08.964root 11241100x80000000000000004279316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883d2981d53935d82022-01-04 14:19:08.964root 11241100x80000000000000004279317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208a0f684e54d61b2022-01-04 14:19:08.964root 11241100x80000000000000004279318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c96d510ed084d22022-01-04 14:19:08.964root 11241100x80000000000000004279319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e2407d1700585b2022-01-04 14:19:08.964root 11241100x80000000000000004279320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee3539f5df177732022-01-04 14:19:08.965root 11241100x80000000000000004279321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625dfe0ca2dd42ed2022-01-04 14:19:08.965root 11241100x80000000000000004279322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea0d01c2a31f8ca2022-01-04 14:19:08.965root 11241100x80000000000000004279323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ae13a8dc26135e2022-01-04 14:19:08.965root 11241100x80000000000000004279324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefd3844a99ffe882022-01-04 14:19:08.965root 11241100x80000000000000004279325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e640255d264798542022-01-04 14:19:08.965root 11241100x80000000000000004279326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bfb38dbac56f6b2022-01-04 14:19:08.965root 11241100x80000000000000004279327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288cb7f539ac39ce2022-01-04 14:19:08.965root 11241100x80000000000000004279328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d72e0f6af9bd8c82022-01-04 14:19:08.966root 11241100x80000000000000004279329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29d3e5e1b6d85972022-01-04 14:19:08.966root 11241100x80000000000000004279330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250a501940e5320d2022-01-04 14:19:08.967root 11241100x80000000000000004279331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7254c35accc225032022-01-04 14:19:08.967root 11241100x80000000000000004279332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec77b4d1bf5b0f9b2022-01-04 14:19:08.967root 11241100x80000000000000004279333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ee7404b9888c262022-01-04 14:19:08.967root 11241100x80000000000000004279334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a669145be73a89782022-01-04 14:19:08.967root 11241100x80000000000000004279335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af317ac9bc8649092022-01-04 14:19:08.967root 11241100x80000000000000004279336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3974ad2931ecd422022-01-04 14:19:08.967root 11241100x80000000000000004279337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b08798013f68052022-01-04 14:19:08.967root 11241100x80000000000000004279338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288f3c59143870912022-01-04 14:19:08.967root 11241100x80000000000000004279339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264811f2b03834442022-01-04 14:19:08.967root 11241100x80000000000000004279340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63b56532647bbf92022-01-04 14:19:08.967root 11241100x80000000000000004279341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ada06bf50b8d232022-01-04 14:19:08.968root 11241100x80000000000000004279342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e1c61dc0d97ba42022-01-04 14:19:08.968root 11241100x80000000000000004279343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973094a005f151882022-01-04 14:19:08.968root 11241100x80000000000000004279344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75a1992d5a94c9a2022-01-04 14:19:08.968root 11241100x80000000000000004279345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9263d25f14f6dfc2022-01-04 14:19:08.968root 11241100x80000000000000004279346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f632fa780b2713552022-01-04 14:19:08.968root 11241100x80000000000000004279347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6118b799e95e82222022-01-04 14:19:08.968root 11241100x80000000000000004279348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f678b3be358c9ff32022-01-04 14:19:08.968root 11241100x80000000000000004279349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fb8bd89aba46ef2022-01-04 14:19:08.968root 11241100x80000000000000004279350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cb1b282e4811db2022-01-04 14:19:08.968root 11241100x80000000000000004279351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dd5db436b42dac2022-01-04 14:19:08.968root 11241100x80000000000000004279352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9432d02a26af2572022-01-04 14:19:08.968root 11241100x80000000000000004279353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3fcb59e3ba01432022-01-04 14:19:08.971root 11241100x80000000000000004279354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3a60f0e18d8a772022-01-04 14:19:08.971root 11241100x80000000000000004279355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7b38b768e824092022-01-04 14:19:08.971root 11241100x80000000000000004279356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a0be5da869a3e32022-01-04 14:19:08.972root 11241100x80000000000000004279357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c96d0218f2d6aec2022-01-04 14:19:08.972root 11241100x80000000000000004279358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bfe3e3abf58c532022-01-04 14:19:08.972root 11241100x80000000000000004279359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2db0977f68fb9362022-01-04 14:19:08.972root 11241100x80000000000000004279360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e88bae2444af882022-01-04 14:19:08.972root 11241100x80000000000000004279361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c1f72aca6306ca2022-01-04 14:19:08.972root 11241100x80000000000000004279362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d1238b39b6edc72022-01-04 14:19:08.972root 11241100x80000000000000004279363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d906377b823f2302022-01-04 14:19:08.972root 11241100x80000000000000004279364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d57f950bf3a9b92022-01-04 14:19:08.972root 11241100x80000000000000004279365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1e5b9942751b2f2022-01-04 14:19:08.972root 11241100x80000000000000004279366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da6f3f8d7d26fde2022-01-04 14:19:08.972root 11241100x80000000000000004279367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13d766a8e8f6b182022-01-04 14:19:08.972root 11241100x80000000000000004279368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0fd93b8f6d5e502022-01-04 14:19:08.973root 11241100x80000000000000004279369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe78381c4529d192022-01-04 14:19:08.973root 11241100x80000000000000004279370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59842bc1ef61f4822022-01-04 14:19:08.973root 11241100x80000000000000004279371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c2d450630096aa2022-01-04 14:19:08.973root 11241100x80000000000000004279372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecaa7d6f0fc28772022-01-04 14:19:08.973root 11241100x80000000000000004279373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a74975007461012022-01-04 14:19:08.973root 11241100x80000000000000004279374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ae791cc57bca912022-01-04 14:19:08.973root 11241100x80000000000000004279375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2a1038312d01c92022-01-04 14:19:08.973root 11241100x80000000000000004279376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a90d8cd3d6157b2022-01-04 14:19:08.973root 11241100x80000000000000004279377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff4785ddf1f3a232022-01-04 14:19:08.973root 11241100x80000000000000004279378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983902b2e3e63e252022-01-04 14:19:08.973root 11241100x80000000000000004279379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc6fd250bc98252022-01-04 14:19:08.973root 11241100x80000000000000004279380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099082da33be71e72022-01-04 14:19:08.974root 11241100x80000000000000004279381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765a2fdf629aedf12022-01-04 14:19:08.974root 11241100x80000000000000004279382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e5cd7471a31f922022-01-04 14:19:08.974root 11241100x80000000000000004279383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fafb657e176bbd2022-01-04 14:19:08.974root 11241100x80000000000000004279384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9bc825f956a5462022-01-04 14:19:08.974root 11241100x80000000000000004279385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c931cd600261ff2022-01-04 14:19:08.974root 11241100x80000000000000004279386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e873c7cf65caca652022-01-04 14:19:08.974root 11241100x80000000000000004279387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c162e74b6e020302022-01-04 14:19:08.974root 11241100x80000000000000004279388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a82ea30dacb4f192022-01-04 14:19:08.974root 11241100x80000000000000004279389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e45bd3ba5e3c1282022-01-04 14:19:08.974root 11241100x80000000000000004279390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.975{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e56da89a1ef49fb2022-01-04 14:19:08.975root 354300x80000000000000004279391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.040{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41518-false10.0.1.12-8000- 11241100x80000000000000004279392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4812616df11cd5ce2022-01-04 14:19:09.460root 11241100x80000000000000004279393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88550276eee94d5e2022-01-04 14:19:09.460root 11241100x80000000000000004279394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e08c639bf4f75a2022-01-04 14:19:09.460root 11241100x80000000000000004279395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16460979e3c309a2022-01-04 14:19:09.460root 11241100x80000000000000004279396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2ed22df0a7c0872022-01-04 14:19:09.461root 11241100x80000000000000004279397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7cd12ed5972d372022-01-04 14:19:09.461root 11241100x80000000000000004279398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2214997c889782812022-01-04 14:19:09.461root 11241100x80000000000000004279399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826273c0ee49f8f32022-01-04 14:19:09.461root 11241100x80000000000000004279400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17506cb1ad6e8b62022-01-04 14:19:09.461root 11241100x80000000000000004279401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b0483bbc6afde52022-01-04 14:19:09.461root 11241100x80000000000000004279402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65f4a0422dc25fb2022-01-04 14:19:09.461root 11241100x80000000000000004279403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c2a3d75fa3d6ab2022-01-04 14:19:09.461root 11241100x80000000000000004279404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacf6943549ea2e22022-01-04 14:19:09.462root 11241100x80000000000000004279405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272c0d7d9d30155f2022-01-04 14:19:09.462root 11241100x80000000000000004279406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cc3546d2b34e9e2022-01-04 14:19:09.462root 11241100x80000000000000004279407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca2ad956517fa5b2022-01-04 14:19:09.462root 11241100x80000000000000004279408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b92755736ea1b72022-01-04 14:19:09.462root 11241100x80000000000000004279409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47600bfbc8e43622022-01-04 14:19:09.462root 11241100x80000000000000004279410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b7a17a6af179e12022-01-04 14:19:09.462root 11241100x80000000000000004279411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4419b9068a98dc612022-01-04 14:19:09.462root 11241100x80000000000000004279412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc70ee74eed77392022-01-04 14:19:09.462root 11241100x80000000000000004279413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec96968e4f3e67862022-01-04 14:19:09.462root 11241100x80000000000000004279414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625f6a1bbc9dee6c2022-01-04 14:19:09.463root 11241100x80000000000000004279415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0903a38844fd12f92022-01-04 14:19:09.463root 11241100x80000000000000004279416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9b36af202228202022-01-04 14:19:09.463root 11241100x80000000000000004279417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23ddb5e5c6b64202022-01-04 14:19:09.463root 11241100x80000000000000004279418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9ad41338a2d3682022-01-04 14:19:09.463root 11241100x80000000000000004279419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70aea444bbf07b82022-01-04 14:19:09.463root 11241100x80000000000000004279420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a619bafe3b6697da2022-01-04 14:19:09.463root 11241100x80000000000000004279421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6384a5e6260fa42022-01-04 14:19:09.463root 11241100x80000000000000004279422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c6250a70a3ab542022-01-04 14:19:09.463root 11241100x80000000000000004279423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc1155f5f28d7782022-01-04 14:19:09.463root 11241100x80000000000000004279424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72acbf4b2a910d222022-01-04 14:19:09.464root 11241100x80000000000000004279425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743c625d18418e212022-01-04 14:19:09.464root 11241100x80000000000000004279426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928f7994f413b73e2022-01-04 14:19:09.464root 11241100x80000000000000004279427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31134a5fc9909a092022-01-04 14:19:09.464root 11241100x80000000000000004279428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29f0ac27e89e1f82022-01-04 14:19:09.464root 11241100x80000000000000004279429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b5faf31da6567f2022-01-04 14:19:09.464root 11241100x80000000000000004279430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2510b248bcc479e82022-01-04 14:19:09.464root 11241100x80000000000000004279431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be025834f7bc4182022-01-04 14:19:09.464root 11241100x80000000000000004279432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196fddf122ac5b8c2022-01-04 14:19:09.464root 11241100x80000000000000004279433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656bd5173c41de0c2022-01-04 14:19:09.464root 11241100x80000000000000004279434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed52660dec405df02022-01-04 14:19:09.959root 11241100x80000000000000004279435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43a21b8353f47742022-01-04 14:19:09.959root 11241100x80000000000000004279436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddaf7b2e6e09aad2022-01-04 14:19:09.959root 11241100x80000000000000004279437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c74236e2902bc2022-01-04 14:19:09.959root 11241100x80000000000000004279438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf00c97e91c007d2022-01-04 14:19:09.959root 11241100x80000000000000004279439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2993f0e2e31c622022-01-04 14:19:09.960root 11241100x80000000000000004279440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a783fa01bcbd2f2022-01-04 14:19:09.960root 11241100x80000000000000004279441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0c94f06b3941312022-01-04 14:19:09.960root 11241100x80000000000000004279442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417c52be4ecb6f6a2022-01-04 14:19:09.960root 11241100x80000000000000004279443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f1bb683b4b8f5e2022-01-04 14:19:09.961root 11241100x80000000000000004279444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f53047c7fb822202022-01-04 14:19:09.961root 11241100x80000000000000004279445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2a2b26d0c05a202022-01-04 14:19:09.961root 11241100x80000000000000004279446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654e864386e56c562022-01-04 14:19:09.961root 11241100x80000000000000004279447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3850a2c2f701d5532022-01-04 14:19:09.961root 11241100x80000000000000004279448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5656ffe121756f942022-01-04 14:19:09.961root 11241100x80000000000000004279449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f63afc52b058052022-01-04 14:19:09.962root 11241100x80000000000000004279450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195765fe8e8db28d2022-01-04 14:19:09.962root 11241100x80000000000000004279451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf3f1c5cba46b522022-01-04 14:19:09.962root 11241100x80000000000000004279452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1361f183ea2db35b2022-01-04 14:19:09.962root 11241100x80000000000000004279453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05f3b914aecddb62022-01-04 14:19:09.962root 11241100x80000000000000004279454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d51ad9a13e5fc2022-01-04 14:19:09.962root 11241100x80000000000000004279455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffdb5188fa5cc092022-01-04 14:19:09.962root 11241100x80000000000000004279456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8478d8b7379cbc2022-01-04 14:19:09.962root 11241100x80000000000000004279457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2861c75dcd831c972022-01-04 14:19:09.962root 11241100x80000000000000004279458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54659b05a4d4c5772022-01-04 14:19:09.962root 11241100x80000000000000004279459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da92fb488dfd7832022-01-04 14:19:09.963root 11241100x80000000000000004279460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa2dc3bf9c8bbbc2022-01-04 14:19:09.963root 11241100x80000000000000004279461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2b3e2731a834502022-01-04 14:19:09.963root 11241100x80000000000000004279462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c196782819dde02022-01-04 14:19:09.963root 11241100x80000000000000004279463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ba5b3801bb6c112022-01-04 14:19:09.963root 11241100x80000000000000004279464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83cae2ae97eb7f52022-01-04 14:19:09.963root 11241100x80000000000000004279465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdff2e1dd6a4d81f2022-01-04 14:19:09.963root 11241100x80000000000000004279466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86720b868ecbaa422022-01-04 14:19:09.963root 11241100x80000000000000004279467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8df272704aef5832022-01-04 14:19:09.963root 11241100x80000000000000004279468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264f3745df3826ad2022-01-04 14:19:09.964root 11241100x80000000000000004279469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0191e25fd516c192022-01-04 14:19:09.964root 11241100x80000000000000004279470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca0cb6a911398d92022-01-04 14:19:09.964root 11241100x80000000000000004279471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7eda02f966d5702022-01-04 14:19:09.964root 11241100x80000000000000004279472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e55f6d00c0be6512022-01-04 14:19:09.964root 11241100x80000000000000004279473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be3d137109f3d2f2022-01-04 14:19:09.964root 11241100x80000000000000004279474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99e3a3e6cf428952022-01-04 14:19:09.964root 11241100x80000000000000004279475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2a262da1aebc122022-01-04 14:19:09.964root 11241100x80000000000000004279476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a111f94b73dce15f2022-01-04 14:19:09.964root 11241100x80000000000000004279477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da2a095627dbbe02022-01-04 14:19:09.964root 11241100x80000000000000004279478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4ad142c90001c32022-01-04 14:19:09.965root 11241100x80000000000000004279479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d566ad4c1ed802022-01-04 14:19:09.965root 11241100x80000000000000004279480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e47cbc6148a147c2022-01-04 14:19:09.965root 11241100x80000000000000004279481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2304fd90f86cc3cf2022-01-04 14:19:09.965root 11241100x80000000000000004279482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7402a6d619ef040a2022-01-04 14:19:09.965root 11241100x80000000000000004279483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe3ead350018b9d2022-01-04 14:19:09.965root 11241100x80000000000000004279484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2e93c579bec3332022-01-04 14:19:09.965root 11241100x80000000000000004279485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e765210bd3ee08062022-01-04 14:19:09.965root 11241100x80000000000000004279486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937f20e0ed42b63e2022-01-04 14:19:10.459root 11241100x80000000000000004279487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ab9c6cc7944d2e2022-01-04 14:19:10.459root 11241100x80000000000000004279488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7611bc9d0ffa86e22022-01-04 14:19:10.459root 11241100x80000000000000004279489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb68733d0a1d67882022-01-04 14:19:10.459root 11241100x80000000000000004279490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95ef3d02b7fb7a02022-01-04 14:19:10.459root 11241100x80000000000000004279491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b066acfa6806d22022-01-04 14:19:10.459root 11241100x80000000000000004279492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3f29b4e1c535c22022-01-04 14:19:10.459root 11241100x80000000000000004279493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17362a73cbd6655f2022-01-04 14:19:10.459root 11241100x80000000000000004279494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f0b47567d6c3ed2022-01-04 14:19:10.460root 11241100x80000000000000004279495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193ca0bdc56cd2d22022-01-04 14:19:10.460root 11241100x80000000000000004279496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19069dee05fba392022-01-04 14:19:10.460root 11241100x80000000000000004279497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ca16fc68ea72662022-01-04 14:19:10.460root 11241100x80000000000000004279498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31cca79aea9de662022-01-04 14:19:10.460root 11241100x80000000000000004279499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64d7764b88220562022-01-04 14:19:10.460root 11241100x80000000000000004279500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f55d14d70f900c32022-01-04 14:19:10.460root 11241100x80000000000000004279501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211d1cd489322e4d2022-01-04 14:19:10.460root 11241100x80000000000000004279502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87f1d2e519f7732022-01-04 14:19:10.460root 11241100x80000000000000004279503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73718ab7030866972022-01-04 14:19:10.460root 11241100x80000000000000004279504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a796e5a56a00ae2022-01-04 14:19:10.460root 11241100x80000000000000004279505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0108f1ee6d5dd6202022-01-04 14:19:10.460root 11241100x80000000000000004279506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833442609fd0745c2022-01-04 14:19:10.460root 11241100x80000000000000004279507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b3cc9b47a7dffe2022-01-04 14:19:10.460root 11241100x80000000000000004279508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f7ff6f5a2b6c1b2022-01-04 14:19:10.460root 11241100x80000000000000004279509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da76d74769b92502022-01-04 14:19:10.461root 11241100x80000000000000004279510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bd6aac989e150a2022-01-04 14:19:10.461root 11241100x80000000000000004279511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a2a81e9c509fbd2022-01-04 14:19:10.461root 11241100x80000000000000004279512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108546e31e5024682022-01-04 14:19:10.461root 11241100x80000000000000004279513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7810d64994d18c32022-01-04 14:19:10.461root 11241100x80000000000000004279514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75460f9cf2aa784d2022-01-04 14:19:10.461root 11241100x80000000000000004279515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9a7b3175e4ab002022-01-04 14:19:10.461root 11241100x80000000000000004279516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6840716e550f3d512022-01-04 14:19:10.461root 11241100x80000000000000004279517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e250b317ea333cd82022-01-04 14:19:10.461root 11241100x80000000000000004279518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb007174e370796d2022-01-04 14:19:10.461root 11241100x80000000000000004279519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dc30ee72a610f92022-01-04 14:19:10.461root 11241100x80000000000000004279520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4b2dfa1978933d2022-01-04 14:19:10.461root 11241100x80000000000000004279521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb405b3b31ac69d2022-01-04 14:19:10.461root 11241100x80000000000000004279522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b871548ea3394562022-01-04 14:19:10.461root 11241100x80000000000000004279523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a41215d77a368762022-01-04 14:19:10.461root 11241100x80000000000000004279524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecae879dc1f0138a2022-01-04 14:19:10.462root 11241100x80000000000000004279525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b7ff4d37b4c18d2022-01-04 14:19:10.462root 11241100x80000000000000004279526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea38d9a70a10b6512022-01-04 14:19:10.462root 11241100x80000000000000004279527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5356a9e6500a45b82022-01-04 14:19:10.462root 11241100x80000000000000004279528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a078ace4466390622022-01-04 14:19:10.462root 11241100x80000000000000004279529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82220daf8408db212022-01-04 14:19:10.462root 11241100x80000000000000004279530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b48edf7da6cac32022-01-04 14:19:10.462root 11241100x80000000000000004279531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6a3cb7abfa31f92022-01-04 14:19:10.462root 534500x80000000000000004279532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.667{ec2e79f3-af45-61d2-c81a-c448f1550000}14881-sshd 11241100x80000000000000004279533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.669{ec2e79f3-af3e-61d2-5819-ee8c11560000}1/lib/systemd/systemd/run/systemd/transient/session-37.scope2022-01-04 14:19:10.669root 11241100x80000000000000004279534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/sessions/.#37YHYlTd2022-01-04 14:19:10.673root 11241100x80000000000000004279535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/users/.#1000gAtAPd2022-01-04 14:19:10.673root 11241100x80000000000000004279536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/sessions/.#37e4AQLd2022-01-04 14:19:10.673root 11241100x80000000000000004279537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/sessions/.#37EzL7Hd2022-01-04 14:19:10.673root 11241100x80000000000000004279538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/users/.#1000SOupEd2022-01-04 14:19:10.673root 154100x80000000000000004279539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.674{ec2e79f3-575e-61d4-6882-e788be550000}14882/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575a-61d4-e017-76fa68550000}14880/usr/sbin/sshd/usr/sbin/sshdroot 11241100x80000000000000004279540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.675{ec2e79f3-575e-61d4-6882-e788be550000}14882/bin/dash/run/motd.dynamic.new2022-01-04 14:19:10.675root 154100x80000000000000004279541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.675{ec2e79f3-575e-61d4-78dc-c53c4a560000}14883/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-6882-e788be550000}14882/bin/dashshroot 154100x80000000000000004279542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.675{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-6882-e788be550000}14882/bin/dashshroot 154100x80000000000000004279543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.677{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 154100x80000000000000004279544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.677{ec2e79f3-575e-61d4-80fe-c568e5550000}14885/bin/uname-----uname -o/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dash/bin/shroot 534500x80000000000000004279545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.678{ec2e79f3-575e-61d4-80fe-c568e5550000}14885/bin/unameroot 154100x80000000000000004279546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.678{ec2e79f3-575e-61d4-807e-8b6248560000}14886/bin/uname-----uname -r/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dash/bin/shroot 534500x80000000000000004279547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.679{ec2e79f3-575e-61d4-807e-8b6248560000}14886/bin/unameroot 154100x80000000000000004279548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.679{ec2e79f3-575e-61d4-80ee-93aa45560000}14887/bin/uname-----uname -m/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dash/bin/shroot 534500x80000000000000004279549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.680{ec2e79f3-575e-61d4-80ee-93aa45560000}14887/bin/unameroot 534500x80000000000000004279550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.681{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dashroot 154100x80000000000000004279551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.681{ec2e79f3-575e-61d4-6832-4de4ae550000}14888/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 534500x80000000000000004279552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.682{ec2e79f3-575e-61d4-6832-4de4ae550000}14888/bin/dashroot 154100x80000000000000004279553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.682{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 154100x80000000000000004279554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.683{ec2e79f3-575e-61d4-509c-20d66b550000}14890/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dash/bin/shroot 534500x80000000000000004279555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.685{ec2e79f3-575e-61d4-509c-20d66b550000}14890/bin/greproot 154100x80000000000000004279556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.686{ec2e79f3-575e-61d4-980f-f6a8b5550000}14893/usr/bin/bc-----bc/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14891--- 154100x80000000000000004279557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.686{ec2e79f3-575e-61d4-b870-260dc5550000}14894/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14892--- 534500x80000000000000004279558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.687{ec2e79f3-575e-61d4-b870-260dc5550000}14894/usr/bin/cutroot 534500x80000000000000004279559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.688{00000000-0000-0000-0000-000000000000}14892<unknown process>root 534500x80000000000000004279560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.688{ec2e79f3-575e-61d4-980f-f6a8b5550000}14893/usr/bin/bcroot 534500x80000000000000004279561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.688{ec2e79f3-af45-61d2-c81a-c448f1550000}14891-root 154100x80000000000000004279562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.688{ec2e79f3-575e-61d4-08af-ebd537560000}14895/bin/date-----/bin/date/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dash/bin/shroot 534500x80000000000000004279563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.690{ec2e79f3-575e-61d4-08af-ebd537560000}14895/bin/dateroot 154100x80000000000000004279564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.691{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dash/bin/shroot 154100x80000000000000004279565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.853{ec2e79f3-575e-61d4-6862-cc151b560000}14897/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 154100x80000000000000004279566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.853{ec2e79f3-575e-61d4-b09f-d090f87f0000}14897/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 11241100x80000000000000004279567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.855{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c30133e3d0537e82022-01-04 14:19:10.855root 11241100x80000000000000004279568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.855{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0bfaaa98f42f0b2022-01-04 14:19:10.855root 11241100x80000000000000004279569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.855{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c42ce5ce6c4ce342022-01-04 14:19:10.855root 11241100x80000000000000004279570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f648cad5b92b0ab2022-01-04 14:19:10.856root 11241100x80000000000000004279571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67c891eff5ae0d12022-01-04 14:19:10.856root 11241100x80000000000000004279572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65772346515cfc42022-01-04 14:19:10.856root 11241100x80000000000000004279573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c510f5ea8872232022-01-04 14:19:10.856root 11241100x80000000000000004279574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abab9c508177ea692022-01-04 14:19:10.856root 11241100x80000000000000004279575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb699d42f131445b2022-01-04 14:19:10.856root 11241100x80000000000000004279576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79b93cf65fd1d602022-01-04 14:19:10.856root 11241100x80000000000000004279577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeb9d494b924cfd2022-01-04 14:19:10.856root 11241100x80000000000000004279578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a0cb8c5ed22cec2022-01-04 14:19:10.856root 11241100x80000000000000004279579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4c3f2c6ff3f9262022-01-04 14:19:10.857root 11241100x80000000000000004279580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403177a4dbf26c002022-01-04 14:19:10.857root 11241100x80000000000000004279581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17a790192eaeab72022-01-04 14:19:10.857root 11241100x80000000000000004279582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02313b10e99aeee82022-01-04 14:19:10.857root 11241100x80000000000000004279583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e95e0ddb0a83772022-01-04 14:19:10.857root 11241100x80000000000000004279584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c223fe82c85e5442022-01-04 14:19:10.857root 11241100x80000000000000004279585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b04217e9f479572022-01-04 14:19:10.857root 11241100x80000000000000004279586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c96ccf65fd97302022-01-04 14:19:10.857root 11241100x80000000000000004279587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57288ae91c558f942022-01-04 14:19:10.857root 11241100x80000000000000004279588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.858{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ca9af0c28b3cc32022-01-04 14:19:10.858root 534500x80000000000000004279589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.858{ec2e79f3-575e-61d4-b09f-d090f87f0000}14897/sbin/ldconfig.realroot 11241100x80000000000000004279590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.858{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a367119716075b882022-01-04 14:19:10.858root 11241100x80000000000000004279591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.859{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b387cd35299b8f2022-01-04 14:19:10.859root 11241100x80000000000000004279592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.859{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859bd474ae1d31b92022-01-04 14:19:10.859root 11241100x80000000000000004279593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.860{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059fe73239188d122022-01-04 14:19:10.860root 11241100x80000000000000004279594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.860{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53f93880796c7a22022-01-04 14:19:10.860root 11241100x80000000000000004279595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.860{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d1d38629ff187b2022-01-04 14:19:10.860root 11241100x80000000000000004279596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.860{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c25cded9769da32022-01-04 14:19:10.860root 11241100x80000000000000004279597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.861{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be8f94e041f70132022-01-04 14:19:10.861root 11241100x80000000000000004279598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.861{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1ec9f8332615062022-01-04 14:19:10.861root 11241100x80000000000000004279599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818bbb37d883fb8c2022-01-04 14:19:10.862root 11241100x80000000000000004279600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19224b58484ded542022-01-04 14:19:10.862root 11241100x80000000000000004279601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfd05c9f9e085c22022-01-04 14:19:10.862root 11241100x80000000000000004279602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9385ddc32c7163992022-01-04 14:19:10.862root 11241100x80000000000000004279603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f00e5a1a2077192022-01-04 14:19:10.862root 11241100x80000000000000004279604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd76e23081a88e232022-01-04 14:19:10.863root 11241100x80000000000000004279605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb6ba964f51e3b12022-01-04 14:19:10.863root 11241100x80000000000000004279606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38f93326c5497e02022-01-04 14:19:10.863root 11241100x80000000000000004279607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd53c3a32cdb8822022-01-04 14:19:10.863root 11241100x80000000000000004279608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3bec85c61464f22022-01-04 14:19:10.863root 11241100x80000000000000004279609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.864{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed92a784d9f10d3a2022-01-04 14:19:10.864root 11241100x80000000000000004279610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.864{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1435b16e38cbf1ec2022-01-04 14:19:10.864root 11241100x80000000000000004279611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.864{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc4be8a3e342fc22022-01-04 14:19:10.864root 11241100x80000000000000004279612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.865{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418a4bca745c96332022-01-04 14:19:10.865root 11241100x80000000000000004279613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.865{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9044ee2dcb3e9ab02022-01-04 14:19:10.865root 11241100x80000000000000004279614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.865{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122fedb7c9e5ecf62022-01-04 14:19:10.865root 11241100x80000000000000004279615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.865{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda4fb812b11a6812022-01-04 14:19:10.865root 11241100x80000000000000004279616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.866{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6078eff11cade62022-01-04 14:19:10.866root 11241100x80000000000000004279617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.866{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af3b223dd67f5d52022-01-04 14:19:10.866root 11241100x80000000000000004279618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.866{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e0c586b1b67f012022-01-04 14:19:10.866root 11241100x80000000000000004279619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.867{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81446b7620e61ba22022-01-04 14:19:10.867root 11241100x80000000000000004279620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.867{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec9b01dae6c1962022-01-04 14:19:10.867root 11241100x80000000000000004279621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.867{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56981fb6279e9d0c2022-01-04 14:19:10.867root 11241100x80000000000000004279622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21436fe892be5dfb2022-01-04 14:19:10.868root 11241100x80000000000000004279623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d9ae408ae626c32022-01-04 14:19:10.868root 11241100x80000000000000004279624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb41bcbcc79bc202022-01-04 14:19:10.868root 11241100x80000000000000004279625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9321cd535a722472022-01-04 14:19:10.868root 11241100x80000000000000004279626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1333fa4796db6a8a2022-01-04 14:19:10.868root 11241100x80000000000000004279627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ceaa193de6b16a2022-01-04 14:19:10.868root 11241100x80000000000000004279628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09ff27d5715fd6b2022-01-04 14:19:10.868root 11241100x80000000000000004279629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d20b9ee00b0e4d2022-01-04 14:19:10.868root 11241100x80000000000000004279630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce1572ed7fe5c772022-01-04 14:19:10.868root 11241100x80000000000000004279631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a696fa6881420e2022-01-04 14:19:10.869root 11241100x80000000000000004279632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbf82760c88aa312022-01-04 14:19:10.869root 11241100x80000000000000004279633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1afec3eb27cf3a2022-01-04 14:19:10.869root 11241100x80000000000000004279634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8f4f83bdcb99372022-01-04 14:19:10.869root 11241100x80000000000000004279635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8caa33faec10222022-01-04 14:19:10.869root 11241100x80000000000000004279636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840bb33cce9ef9f2022-01-04 14:19:10.870root 11241100x80000000000000004279637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf8a602f99522112022-01-04 14:19:10.870root 11241100x80000000000000004279638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c102a8ba36fc6bd12022-01-04 14:19:10.870root 11241100x80000000000000004279639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b1423cdd4d53182022-01-04 14:19:10.870root 11241100x80000000000000004279640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653e8a0185b8182f2022-01-04 14:19:10.870root 11241100x80000000000000004279641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd486ceaf0882562022-01-04 14:19:10.870root 11241100x80000000000000004279642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8e56ce406184eb2022-01-04 14:19:10.871root 11241100x80000000000000004279643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c4b36a496576cb2022-01-04 14:19:10.871root 11241100x80000000000000004279644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e04318c84d662c2022-01-04 14:19:10.871root 11241100x80000000000000004279645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7225340cc4eae502022-01-04 14:19:10.871root 11241100x80000000000000004279646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce446c590533be812022-01-04 14:19:10.871root 11241100x80000000000000004279647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a171f527116bb02022-01-04 14:19:10.871root 11241100x80000000000000004279648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa17d739c9f411122022-01-04 14:19:10.871root 11241100x80000000000000004279649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626784541a921b7d2022-01-04 14:19:10.871root 11241100x80000000000000004279650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ced70a87689b7d2022-01-04 14:19:10.871root 11241100x80000000000000004279651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb2fb12f6ad41c02022-01-04 14:19:10.872root 11241100x80000000000000004279652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbdfccc7242edf92022-01-04 14:19:10.872root 11241100x80000000000000004279653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7a0656443cc3312022-01-04 14:19:10.872root 11241100x80000000000000004279654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57316993ffb2ee442022-01-04 14:19:10.872root 11241100x80000000000000004279655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767898ef08dfca302022-01-04 14:19:10.872root 11241100x80000000000000004279656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4830b360bf21812d2022-01-04 14:19:10.872root 11241100x80000000000000004279657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c13247e549503a2022-01-04 14:19:10.872root 11241100x80000000000000004279658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c582000fa3c84c092022-01-04 14:19:10.872root 11241100x80000000000000004279659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4b3824336369912022-01-04 14:19:10.872root 11241100x80000000000000004279660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650d48c3cb1283152022-01-04 14:19:10.872root 11241100x80000000000000004279661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e057806c732e907f2022-01-04 14:19:10.872root 11241100x80000000000000004279662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9025427022acd2f52022-01-04 14:19:10.873root 11241100x80000000000000004279663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d7d389af9328722022-01-04 14:19:10.873root 11241100x80000000000000004279664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a33b4b5bf5f53922022-01-04 14:19:10.873root 11241100x80000000000000004279665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be55e9a2141eda2b2022-01-04 14:19:10.873root 11241100x80000000000000004279666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d3f2e3d42ac7182022-01-04 14:19:10.873root 11241100x80000000000000004279667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f586dd9bdcc8572022-01-04 14:19:10.873root 11241100x80000000000000004279668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3112374a29501b2022-01-04 14:19:10.873root 11241100x80000000000000004279669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a6bdb7eb6fd7e52022-01-04 14:19:10.873root 11241100x80000000000000004279670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b19c8dc2d7eaa232022-01-04 14:19:10.873root 11241100x80000000000000004279671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1119c67e40d3c212022-01-04 14:19:10.873root 11241100x80000000000000004279672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcef2bca299a43a52022-01-04 14:19:10.873root 11241100x80000000000000004279673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1825711a2b7505542022-01-04 14:19:10.873root 11241100x80000000000000004279674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.874{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7ef55d5e6a8f02022-01-04 14:19:10.874root 11241100x80000000000000004279675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba1b89273676cd62022-01-04 14:19:10.875root 11241100x80000000000000004279676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e68fa9081cc634b2022-01-04 14:19:10.875root 11241100x80000000000000004279677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096df20994cd04412022-01-04 14:19:10.875root 11241100x80000000000000004279678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e0a3101c037afa2022-01-04 14:19:10.875root 11241100x80000000000000004279679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7d1a86df2119a52022-01-04 14:19:10.875root 11241100x80000000000000004279680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c873cf2571a0512022-01-04 14:19:10.875root 11241100x80000000000000004279681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556c89dffe3defb32022-01-04 14:19:10.875root 11241100x80000000000000004279682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e44d01e99998052022-01-04 14:19:10.875root 11241100x80000000000000004279683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8d7a06ffea36432022-01-04 14:19:10.875root 11241100x80000000000000004279684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433776ca352337ef2022-01-04 14:19:10.875root 11241100x80000000000000004279685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce7913fc9b768972022-01-04 14:19:10.875root 11241100x80000000000000004279686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878d9ce900ebed3a2022-01-04 14:19:10.875root 11241100x80000000000000004279687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bb1c39f48526cc2022-01-04 14:19:10.875root 11241100x80000000000000004279688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.876{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c495e3ef5ebb74cd2022-01-04 14:19:10.876root 11241100x80000000000000004279689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.876{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3217d20c9e051fd92022-01-04 14:19:10.876root 11241100x80000000000000004279690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.876{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364cb2afd26a42662022-01-04 14:19:10.876root 11241100x80000000000000004279691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.876{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04390210bf52dc5c2022-01-04 14:19:10.876root 11241100x80000000000000004279692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59e804190371faa2022-01-04 14:19:10.878root 11241100x80000000000000004279693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a298cf0a6cdbd4342022-01-04 14:19:10.878root 11241100x80000000000000004279694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18633190fe344db2022-01-04 14:19:10.878root 11241100x80000000000000004279695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca56dae2ebc0129b2022-01-04 14:19:10.879root 11241100x80000000000000004279696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf943d5af70edd62022-01-04 14:19:10.879root 11241100x80000000000000004279697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425fe847494896cc2022-01-04 14:19:10.879root 11241100x80000000000000004279698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7d8c94f3add4da2022-01-04 14:19:10.879root 11241100x80000000000000004279699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdb7b47a1141ac02022-01-04 14:19:10.879root 11241100x80000000000000004279700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1b95603355a06b2022-01-04 14:19:10.879root 11241100x80000000000000004279701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca713ef21e64eff32022-01-04 14:19:10.879root 11241100x80000000000000004279702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e6bb5af94f71712022-01-04 14:19:10.880root 11241100x80000000000000004279703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b36fe7ee3c6f7ba2022-01-04 14:19:10.880root 11241100x80000000000000004279704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3dbe12b754a4c92022-01-04 14:19:10.880root 11241100x80000000000000004279705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5f882f8a239e542022-01-04 14:19:10.880root 11241100x80000000000000004279706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f1509077cb7c962022-01-04 14:19:10.880root 11241100x80000000000000004279707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180258763c3512de2022-01-04 14:19:10.880root 11241100x80000000000000004279708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6c999b4b9920b42022-01-04 14:19:10.880root 11241100x80000000000000004279709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e62480f2c9b37cc2022-01-04 14:19:10.881root 11241100x80000000000000004279710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de2508346555f932022-01-04 14:19:10.881root 11241100x80000000000000004279711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee6a3e63a03efe12022-01-04 14:19:10.881root 11241100x80000000000000004279712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e253785b1af8f12022-01-04 14:19:10.881root 11241100x80000000000000004279713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55058d3d70cf2f482022-01-04 14:19:10.881root 11241100x80000000000000004279714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3770f7a7a90d41952022-01-04 14:19:10.881root 11241100x80000000000000004279715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1479f912581e3c792022-01-04 14:19:10.882root 11241100x80000000000000004279716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca086dbe1c21636e2022-01-04 14:19:10.882root 11241100x80000000000000004279717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86cc99efb2395302022-01-04 14:19:10.882root 11241100x80000000000000004279718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351ec5b183bb955c2022-01-04 14:19:10.882root 11241100x80000000000000004279719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207955ce77b432b42022-01-04 14:19:10.882root 11241100x80000000000000004279720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4a548fa262a2832022-01-04 14:19:10.882root 11241100x80000000000000004279721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8590e84a629dce5d2022-01-04 14:19:10.882root 11241100x80000000000000004279722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94f6f5b54d5ec2c2022-01-04 14:19:10.883root 11241100x80000000000000004279723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ef3938405bf0162022-01-04 14:19:10.883root 11241100x80000000000000004279724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4328d51fe45b172022-01-04 14:19:10.883root 11241100x80000000000000004279725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48265b9facff529b2022-01-04 14:19:10.883root 11241100x80000000000000004279726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b623175bdfd5def02022-01-04 14:19:10.883root 11241100x80000000000000004279727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6902d8198e3296c2022-01-04 14:19:10.883root 11241100x80000000000000004279728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ffd26fc81df3412022-01-04 14:19:10.884root 11241100x80000000000000004279729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0352bc473987676a2022-01-04 14:19:10.884root 11241100x80000000000000004279730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6042b0e4955021002022-01-04 14:19:10.884root 11241100x80000000000000004279731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d442aa20efba68702022-01-04 14:19:10.884root 11241100x80000000000000004279732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ac74cfa4c38c92022-01-04 14:19:10.884root 11241100x80000000000000004279733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77907ef30c35387f2022-01-04 14:19:10.884root 11241100x80000000000000004279734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a32ca6c5c36eb2022-01-04 14:19:10.884root 11241100x80000000000000004279735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd33dc63eb8c92812022-01-04 14:19:10.885root 11241100x80000000000000004279736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c21f44eed46f1ec2022-01-04 14:19:10.885root 11241100x80000000000000004279737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319438490091973f2022-01-04 14:19:10.885root 11241100x80000000000000004279738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e730378f66718262022-01-04 14:19:10.885root 11241100x80000000000000004279739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b685c58b092607a42022-01-04 14:19:10.885root 11241100x80000000000000004279740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98369bb7f23eff752022-01-04 14:19:10.885root 11241100x80000000000000004279741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8fcd88150b98452022-01-04 14:19:10.885root 11241100x80000000000000004279742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa1df62efa792672022-01-04 14:19:10.886root 11241100x80000000000000004279743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1e5dd572ce280a2022-01-04 14:19:10.886root 11241100x80000000000000004279744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c307fd40d3149b82022-01-04 14:19:10.886root 11241100x80000000000000004279745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab05b3efc7143092022-01-04 14:19:10.886root 11241100x80000000000000004279746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d27fe03159ba742022-01-04 14:19:10.886root 11241100x80000000000000004279747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bed1c448aac2972022-01-04 14:19:10.886root 11241100x80000000000000004279748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0cb2507226a94d2022-01-04 14:19:10.886root 11241100x80000000000000004279749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0fe7d8603634812022-01-04 14:19:10.886root 11241100x80000000000000004279750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ae7418c8fc1c832022-01-04 14:19:10.886root 11241100x80000000000000004279751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff0e473fba199952022-01-04 14:19:10.886root 11241100x80000000000000004279752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401b9c34738f3f5f2022-01-04 14:19:10.886root 11241100x80000000000000004279753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b5949ac80b00832022-01-04 14:19:10.886root 11241100x80000000000000004279754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac6773c1283e0d52022-01-04 14:19:10.886root 11241100x80000000000000004279755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363ca008efbc42822022-01-04 14:19:10.887root 11241100x80000000000000004279756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e055b034d2a51e42022-01-04 14:19:10.887root 11241100x80000000000000004279757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bde7a9af793f032022-01-04 14:19:10.887root 11241100x80000000000000004279758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d09bad8b0478fb92022-01-04 14:19:10.887root 11241100x80000000000000004279759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bd9e7c35b354bd2022-01-04 14:19:10.887root 11241100x80000000000000004279760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ab437c52c155f22022-01-04 14:19:10.887root 11241100x80000000000000004279761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e56ebab61dd80892022-01-04 14:19:10.887root 11241100x80000000000000004279762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c04d89f2b4f9e52022-01-04 14:19:10.887root 11241100x80000000000000004279763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e1dc6d985401352022-01-04 14:19:10.887root 11241100x80000000000000004279764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36566dad70685242022-01-04 14:19:10.887root 11241100x80000000000000004279765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a869d85a0696a52022-01-04 14:19:10.887root 11241100x80000000000000004279766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b04ee611de4252022-01-04 14:19:10.887root 11241100x80000000000000004279767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baef934390b90162022-01-04 14:19:10.887root 11241100x80000000000000004279768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6392c580378c3e752022-01-04 14:19:10.887root 11241100x80000000000000004279769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f278975a7517e2022-01-04 14:19:10.888root 11241100x80000000000000004279770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee92cb8dd31b01142022-01-04 14:19:10.888root 11241100x80000000000000004279771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e304d7adef7b67a52022-01-04 14:19:10.888root 11241100x80000000000000004279772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce981b00b4e972b02022-01-04 14:19:10.888root 11241100x80000000000000004279773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc82821f6442d602022-01-04 14:19:10.888root 11241100x80000000000000004279774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9442112180c969012022-01-04 14:19:10.888root 11241100x80000000000000004279775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4793d3aeb76f25ba2022-01-04 14:19:10.888root 11241100x80000000000000004279776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfe1d902c87c3da2022-01-04 14:19:10.888root 11241100x80000000000000004279777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cefb163f5787cf42022-01-04 14:19:10.888root 11241100x80000000000000004279778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1a8bcee23416262022-01-04 14:19:10.888root 11241100x80000000000000004279779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4101915c805b22dd2022-01-04 14:19:10.888root 11241100x80000000000000004279780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6dee11907026ae82022-01-04 14:19:10.888root 11241100x80000000000000004279781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73999f60c65ca7f92022-01-04 14:19:10.888root 11241100x80000000000000004279782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24884f42b7b4bf412022-01-04 14:19:10.888root 11241100x80000000000000004279783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30566f19aec1ce512022-01-04 14:19:10.889root 11241100x80000000000000004279784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f54f9e843402932022-01-04 14:19:10.889root 11241100x80000000000000004279785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81ff477faa3732f2022-01-04 14:19:10.889root 11241100x80000000000000004279786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12ba5c3be78bcbe2022-01-04 14:19:10.889root 11241100x80000000000000004279787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38f8133d8bc20332022-01-04 14:19:10.889root 11241100x80000000000000004279788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa2324d581cca632022-01-04 14:19:10.889root 11241100x80000000000000004279789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b991fc0e89b88d2022-01-04 14:19:10.889root 11241100x80000000000000004279790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7667efc7faee4712022-01-04 14:19:10.889root 11241100x80000000000000004279791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee02f7d87bb34032022-01-04 14:19:10.889root 11241100x80000000000000004279792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527ca390c24087072022-01-04 14:19:10.889root 11241100x80000000000000004279793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7d26bd0a9ae69b2022-01-04 14:19:10.889root 11241100x80000000000000004279794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a26787d385ffa62022-01-04 14:19:10.889root 11241100x80000000000000004279795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b235272e204f566e2022-01-04 14:19:10.890root 11241100x80000000000000004279796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eccfdbd261a2b62022-01-04 14:19:10.890root 11241100x80000000000000004279797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e20927ab8020172022-01-04 14:19:10.890root 11241100x80000000000000004279798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af0830b21ab60322022-01-04 14:19:10.890root 11241100x80000000000000004279799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd36c3687745ff72022-01-04 14:19:10.890root 11241100x80000000000000004279800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134da833ed058b6d2022-01-04 14:19:10.890root 11241100x80000000000000004279801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ee850c9002c71f2022-01-04 14:19:10.890root 11241100x80000000000000004279802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8bc5fd2ea59ec52022-01-04 14:19:10.890root 11241100x80000000000000004279803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e56b593095216d02022-01-04 14:19:10.890root 11241100x80000000000000004279804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aa6f7ed054dcc82022-01-04 14:19:10.890root 11241100x80000000000000004279805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a713b3984fae582022-01-04 14:19:10.891root 11241100x80000000000000004279806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f143a4a364cb3e92022-01-04 14:19:10.891root 11241100x80000000000000004279807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a14594e404d5de2022-01-04 14:19:10.891root 11241100x80000000000000004279808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683efbc405ec03fc2022-01-04 14:19:10.891root 11241100x80000000000000004279809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeb009b747291ee2022-01-04 14:19:10.891root 11241100x80000000000000004279810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c818b22f6b5ade9a2022-01-04 14:19:10.891root 11241100x80000000000000004279811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d7c2efde0591942022-01-04 14:19:10.891root 11241100x80000000000000004279812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3217aab69175e4a02022-01-04 14:19:10.891root 11241100x80000000000000004279813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a2501c6ed1d3d42022-01-04 14:19:10.891root 11241100x80000000000000004279814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8973192d0e4e197b2022-01-04 14:19:10.892root 11241100x80000000000000004279815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97f5b2e98e2c39c2022-01-04 14:19:10.892root 11241100x80000000000000004279816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f7f4f4ed5ca41f2022-01-04 14:19:10.892root 11241100x80000000000000004279817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d901364e22d87522022-01-04 14:19:10.892root 11241100x80000000000000004279818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f285b7dc4a5e512022-01-04 14:19:10.892root 11241100x80000000000000004279819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa467a75bd8349e2022-01-04 14:19:10.892root 11241100x80000000000000004279820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd764d0b906e14082022-01-04 14:19:10.892root 11241100x80000000000000004279821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f31190a6449dea2022-01-04 14:19:10.892root 11241100x80000000000000004279822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440dd5cc05321ec92022-01-04 14:19:10.892root 11241100x80000000000000004279823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862534653f7e36fa2022-01-04 14:19:10.892root 11241100x80000000000000004279824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c1a187912ba242022-01-04 14:19:10.892root 11241100x80000000000000004279825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739a000ece69c1082022-01-04 14:19:10.892root 11241100x80000000000000004279826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62781915ca13536b2022-01-04 14:19:10.892root 11241100x80000000000000004279827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a71c33d4eb95772022-01-04 14:19:10.892root 11241100x80000000000000004279828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6749729893ce822022-01-04 14:19:10.893root 11241100x80000000000000004279829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2953e2d6f896012022-01-04 14:19:10.893root 11241100x80000000000000004279830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07670baadb1b31f62022-01-04 14:19:10.893root 11241100x80000000000000004279831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239affa519f4c3e62022-01-04 14:19:10.893root 11241100x80000000000000004279832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f41569d6098ac1a2022-01-04 14:19:10.893root 11241100x80000000000000004279833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee872c9e3aa9d5e2022-01-04 14:19:10.893root 11241100x80000000000000004279834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921bdb67eae895702022-01-04 14:19:10.893root 11241100x80000000000000004279835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8707bbf8b88c392022-01-04 14:19:10.893root 11241100x80000000000000004279836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e071f7e03ea7d92022-01-04 14:19:10.893root 11241100x80000000000000004279837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0576f3b3f129fa2022-01-04 14:19:10.893root 11241100x80000000000000004279838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1a07a26ec4a1522022-01-04 14:19:10.893root 11241100x80000000000000004279839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6e539be0ec03992022-01-04 14:19:10.893root 11241100x80000000000000004279840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a129d4390c8fb92022-01-04 14:19:10.894root 11241100x80000000000000004279841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b02ea0e7e92a2f2022-01-04 14:19:10.894root 11241100x80000000000000004279842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beacc08380b7c7852022-01-04 14:19:10.894root 11241100x80000000000000004279843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be15c21f841037d2022-01-04 14:19:10.894root 11241100x80000000000000004279844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6259f071cea88582022-01-04 14:19:10.894root 11241100x80000000000000004279845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdef4ca54127ed82022-01-04 14:19:10.894root 11241100x80000000000000004279846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fa8f18d2334ad72022-01-04 14:19:10.894root 11241100x80000000000000004279847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c50aefa1481f64c2022-01-04 14:19:10.894root 11241100x80000000000000004279848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b92677f08742fb2022-01-04 14:19:10.894root 11241100x80000000000000004279849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35f7e3a6dfb38f32022-01-04 14:19:10.894root 11241100x80000000000000004279850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d22d4ca140d20ce2022-01-04 14:19:10.894root 11241100x80000000000000004279851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d111717245185c12022-01-04 14:19:10.894root 11241100x80000000000000004279852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.895{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e98b1aeae687962022-01-04 14:19:10.895root 11241100x80000000000000004279853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.895{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525e9104063f8f52022-01-04 14:19:10.895root 11241100x80000000000000004279854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e13f379c9a102dc2022-01-04 14:19:10.896root 11241100x80000000000000004279855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86da26438ea5fc52022-01-04 14:19:10.896root 11241100x80000000000000004279856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc070bf34034e6a92022-01-04 14:19:10.896root 11241100x80000000000000004279857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9901a522e3a7aaef2022-01-04 14:19:10.896root 11241100x80000000000000004279858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a477c87972672e2022-01-04 14:19:10.896root 11241100x80000000000000004279859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e466a3bebbf563af2022-01-04 14:19:10.896root 11241100x80000000000000004279860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99661b08865ff0e72022-01-04 14:19:10.896root 154100x80000000000000004279861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.906{ec2e79f3-575e-61d4-6832-9f4489550000}14898/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 154100x80000000000000004279862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.906{ec2e79f3-575e-61d4-b05f-31b1f47f0000}14898/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000004279863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.908{ec2e79f3-575e-61d4-b05f-31b1f47f0000}14898/sbin/ldconfig.realroot 534500x80000000000000004279864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.048{00000000-0000-0000-0000-000000000000}14899<unknown process>root 154100x80000000000000004279865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.093{ec2e79f3-575f-61d4-f083-9994c0550000}14900/usr/bin/who-----who -q/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000004279866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.096{ec2e79f3-575f-61d4-f083-9994c0550000}14900/usr/bin/whoroot 534500x80000000000000004279867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.170{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6root 534500x80000000000000004279868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.171{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dashroot 154100x80000000000000004279869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.171{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.171{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c52ce08216282192022-01-04 14:19:11.171root 11241100x80000000000000004279871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.171{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d5bffa519811ab2022-01-04 14:19:11.171root 154100x80000000000000004279872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-d0e9-14a414560000}14902/bin/cat-----cat /var/cache/motd-news/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash/bin/shroot 154100x80000000000000004279873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-7832-470703560000}14903/usr/bin/head-----head -n 10/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash/bin/shroot 154100x80000000000000004279874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-e045-410a25560000}14904/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash/bin/shroot 534500x80000000000000004279875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-d0e9-14a414560000}14902/bin/catroot 11241100x80000000000000004279876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebaa26377c1c7d52022-01-04 14:19:11.172root 154100x80000000000000004279877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-b880-e80095550000}14905/usr/bin/cut-----cut -c -80/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash/bin/shroot 11241100x80000000000000004279878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4411499c8ab378052022-01-04 14:19:11.172root 11241100x80000000000000004279879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779e33e308291d162022-01-04 14:19:11.173root 11241100x80000000000000004279880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b838090a212b6ca2022-01-04 14:19:11.173root 11241100x80000000000000004279881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b6287784bc43de2022-01-04 14:19:11.173root 534500x80000000000000004279882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-7832-470703560000}14903/usr/bin/headroot 534500x80000000000000004279883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-575f-61d4-e045-410a25560000}14904/usr/bin/trroot 11241100x80000000000000004279884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49385656fca514fc2022-01-04 14:19:11.173root 11241100x80000000000000004279885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3a69d18ef3050b2022-01-04 14:19:11.173root 534500x80000000000000004279886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-575f-61d4-b880-e80095550000}14905/usr/bin/cutroot 534500x80000000000000004279887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dashroot 11241100x80000000000000004279888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf307bbe2e236d52022-01-04 14:19:11.174root 11241100x80000000000000004279889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c0b5048c3029682022-01-04 14:19:11.174root 11241100x80000000000000004279890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0d5d5bfcffa4892022-01-04 14:19:11.174root 11241100x80000000000000004279891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cba31e3320f7f952022-01-04 14:19:11.174root 154100x80000000000000004279892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-575f-61d4-68e2-7808e4550000}14906/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99f929fce7f6fe92022-01-04 14:19:11.174root 11241100x80000000000000004279894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcee880716c336362022-01-04 14:19:11.174root 11241100x80000000000000004279895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ac442bf335bcc92022-01-04 14:19:11.174root 534500x80000000000000004279896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-575f-61d4-68e2-7808e4550000}14906/bin/dashroot 11241100x80000000000000004279897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.175{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530ca3ad95fd65f82022-01-04 14:19:11.175root 154100x80000000000000004279898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.175{ec2e79f3-575f-61d4-68b2-a20f7d550000}14907/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.175{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee537d42f0a683d42022-01-04 14:19:11.175root 11241100x80000000000000004279900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.175{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeb345dd5a966152022-01-04 14:19:11.175root 11241100x80000000000000004279901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.176{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d359032372acbc72022-01-04 14:19:11.176root 11241100x80000000000000004279902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.176{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401489535aba231a2022-01-04 14:19:11.176root 154100x80000000000000004279903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.176{ec2e79f3-575f-61d4-d0b9-348f6d550000}14908/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-68b2-a20f7d550000}14907/bin/dash/bin/shroot 11241100x80000000000000004279904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.176{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830ac077491767ae2022-01-04 14:19:11.176root 534500x80000000000000004279905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.177{ec2e79f3-575f-61d4-d0b9-348f6d550000}14908/bin/catroot 534500x80000000000000004279906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.177{ec2e79f3-575f-61d4-68b2-a20f7d550000}14907/bin/dashroot 11241100x80000000000000004279907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce701b2416a982212022-01-04 14:19:11.177root 154100x80000000000000004279908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.177{ec2e79f3-575f-61d4-68b2-89a4f6550000}14909/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1dd006f38d228b2022-01-04 14:19:11.178root 534500x80000000000000004279910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.178{ec2e79f3-575f-61d4-68b2-89a4f6550000}14909/bin/dashroot 154100x80000000000000004279911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.178{ec2e79f3-575f-61d4-6802-1f007b550000}14910/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b898d6d3bc07727c2022-01-04 14:19:11.178root 11241100x80000000000000004279913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.179{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4559cdc65dcc2fca2022-01-04 14:19:11.179root 11241100x80000000000000004279914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.179{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72ff294eae7af0f2022-01-04 14:19:11.179root 154100x80000000000000004279915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.179{ec2e79f3-575f-61d4-a036-7b0000000000}14912/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14911--- 154100x80000000000000004279916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.179{ec2e79f3-575f-61d4-b8b0-19b65a550000}14913/usr/bin/cut-----cut -d -f4/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14911--- 11241100x80000000000000004279917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c542c060946e14f2022-01-04 14:19:11.180root 11241100x80000000000000004279918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f724431ac03ee82022-01-04 14:19:11.180root 11241100x80000000000000004279919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a60f3a7ff432e32022-01-04 14:19:11.180root 11241100x80000000000000004279920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.181{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fea7ac09fa56dd2022-01-04 14:19:11.181root 11241100x80000000000000004279921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.181{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65813daac6c3fe702022-01-04 14:19:11.181root 11241100x80000000000000004279922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.181{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dac360475707642022-01-04 14:19:11.181root 11241100x80000000000000004279923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d39c095a04d06102022-01-04 14:19:11.183root 11241100x80000000000000004279924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139feaae50d003762022-01-04 14:19:11.183root 11241100x80000000000000004279925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4531b3003db1a5992022-01-04 14:19:11.183root 11241100x80000000000000004279926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c1740ff1440f722022-01-04 14:19:11.183root 11241100x80000000000000004279927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.184{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f7d92935b4975e2022-01-04 14:19:11.184root 11241100x80000000000000004279928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.184{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef996d2849d485232022-01-04 14:19:11.184root 11241100x80000000000000004279929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.184{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2b2c66690b23172022-01-04 14:19:11.184root 11241100x80000000000000004279930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.185{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3bc73bd2544bea2022-01-04 14:19:11.185root 11241100x80000000000000004279931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.185{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc42241b143a4282022-01-04 14:19:11.185root 11241100x80000000000000004279932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed9655300d1067a2022-01-04 14:19:11.186root 11241100x80000000000000004279933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3902f333936069a42022-01-04 14:19:11.186root 11241100x80000000000000004279934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3ed6785ea244022022-01-04 14:19:11.187root 11241100x80000000000000004279935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d2d1dc665b612d2022-01-04 14:19:11.187root 11241100x80000000000000004279936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d84f1750f43fc62022-01-04 14:19:11.187root 11241100x80000000000000004279937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff43e871988f6d582022-01-04 14:19:11.187root 11241100x80000000000000004279938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8b5eedf0ae46012022-01-04 14:19:11.188root 11241100x80000000000000004279939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80b1ba018d38b12022-01-04 14:19:11.188root 11241100x80000000000000004279940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdd2a51815bf1222022-01-04 14:19:11.188root 11241100x80000000000000004279941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fc589e117505432022-01-04 14:19:11.188root 11241100x80000000000000004279942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd1672261476f1c2022-01-04 14:19:11.188root 11241100x80000000000000004279943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e46d3c89f6e0de72022-01-04 14:19:11.189root 11241100x80000000000000004279944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc158e0e077a081c2022-01-04 14:19:11.189root 11241100x80000000000000004279945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4910a43a64a257702022-01-04 14:19:11.189root 11241100x80000000000000004279946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926c95f94c0d48a92022-01-04 14:19:11.189root 11241100x80000000000000004279947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf94a6682aa35f2022-01-04 14:19:11.189root 11241100x80000000000000004279948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.190{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12542044d2b6e32b2022-01-04 14:19:11.190root 11241100x80000000000000004279949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.190{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ea066d5856eeb2022-01-04 14:19:11.190root 11241100x80000000000000004279950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.190{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e0a9e88d354afa2022-01-04 14:19:11.190root 11241100x80000000000000004279951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7176ab356422ba2022-01-04 14:19:11.191root 11241100x80000000000000004279952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ef2b99b68448c42022-01-04 14:19:11.191root 11241100x80000000000000004279953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ac094996eba3a62022-01-04 14:19:11.191root 354300x80000000000000004280286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:26.127{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41526-false10.0.1.12-8000- 11241100x80000000000000004280287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efc30ffac36d9062022-01-04 14:19:26.459root 11241100x80000000000000004280288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66db88c7deb19242022-01-04 14:19:26.959root 354300x80000000000000004280289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.135{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42008-false10.0.1.12-8089- 11241100x80000000000000004280290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7547dc37e4deca2022-01-04 14:19:27.459root 11241100x80000000000000004280291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c471ddd8ed62f4ae2022-01-04 14:19:27.459root 11241100x80000000000000004280292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed032c32169b8012022-01-04 14:19:27.959root 11241100x80000000000000004280293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f73f1dd4b38c0ad2022-01-04 14:19:27.959root 11241100x80000000000000004280294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1bdc7c12b2c1f62022-01-04 14:19:28.459root 11241100x80000000000000004280295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1b4f0c56074a092022-01-04 14:19:28.459root 11241100x80000000000000004280296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ced9f4720f6a98b2022-01-04 14:19:28.959root 11241100x80000000000000004280297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36a4cf3fdf8e50f2022-01-04 14:19:28.959root 11241100x80000000000000004280298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4b12d2183648ad2022-01-04 14:19:29.459root 11241100x80000000000000004280299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87e42dd12be434b2022-01-04 14:19:29.459root 11241100x80000000000000004280300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108cbd11b81888e12022-01-04 14:19:29.959root 11241100x80000000000000004280301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c082561e2eb6a682022-01-04 14:19:29.959root 11241100x80000000000000004280302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db32a78211ade682022-01-04 14:19:30.459root 11241100x80000000000000004280303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c216613b7a85aa02022-01-04 14:19:30.459root 11241100x80000000000000004280304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3220cb0111f48872022-01-04 14:19:30.959root 11241100x80000000000000004280305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3b791371c56dc02022-01-04 14:19:30.959root 354300x80000000000000004280306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.151{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41530-false10.0.1.12-8000- 11241100x80000000000000004280307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:19:31.221root 11241100x80000000000000004280308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc1f101a4a745c22022-01-04 14:19:31.222root 11241100x80000000000000004280309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf2eb48de1037f62022-01-04 14:19:31.222root 11241100x80000000000000004280310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74cf57c51b2a97a2022-01-04 14:19:31.222root 11241100x80000000000000004280311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eb3382991a02202022-01-04 14:19:31.222root 11241100x80000000000000004280312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3868da4eb8c4895a2022-01-04 14:19:31.709root 11241100x80000000000000004280313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3700e3280fd5edc32022-01-04 14:19:31.709root 11241100x80000000000000004280314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2135a6b247b462092022-01-04 14:19:31.709root 11241100x80000000000000004280315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f962f8e117ef9e2022-01-04 14:19:31.710root 11241100x80000000000000004280316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef53dd5b85883062022-01-04 14:19:32.209root 11241100x80000000000000004280317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdbc31a045b062a2022-01-04 14:19:32.209root 11241100x80000000000000004280318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f851efcedcbbf0442022-01-04 14:19:32.209root 11241100x80000000000000004280319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3e8e19aa32b6102022-01-04 14:19:32.209root 11241100x80000000000000004280320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a4fac8416971c82022-01-04 14:19:32.710root 11241100x80000000000000004280321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e80ebf3879108a2022-01-04 14:19:32.710root 11241100x80000000000000004280322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4ad75a1f2911ae2022-01-04 14:19:32.710root 11241100x80000000000000004280323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bee1225c366c502022-01-04 14:19:32.710root 11241100x80000000000000004280324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202d9752f9ddb4632022-01-04 14:19:33.209root 11241100x80000000000000004280325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bbe03a21b666ab2022-01-04 14:19:33.209root 11241100x80000000000000004280326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc33626dc18d8f42022-01-04 14:19:33.209root 11241100x80000000000000004280327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e3010da2234c772022-01-04 14:19:33.209root 11241100x80000000000000004280328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc465acbabf2a5f52022-01-04 14:19:33.709root 11241100x80000000000000004280329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b60e808dfc03a192022-01-04 14:19:33.709root 11241100x80000000000000004280330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d5cd0b4208a2062022-01-04 14:19:33.709root 11241100x80000000000000004280331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a29213554c942e2022-01-04 14:19:33.709root 23542300x80000000000000004280332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.066{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004280333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbf35e11c391ddf2022-01-04 14:19:34.067root 11241100x80000000000000004280334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8f1c3b135c97172022-01-04 14:19:34.067root 11241100x80000000000000004280335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46eba575b8685e82022-01-04 14:19:34.067root 11241100x80000000000000004280336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d981eb8f11f7663b2022-01-04 14:19:34.067root 11241100x80000000000000004280337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e668fe258f8e1dbe2022-01-04 14:19:34.461root 11241100x80000000000000004280338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780e5fc2234ad5b42022-01-04 14:19:34.461root 11241100x80000000000000004280339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308a480a06a495bc2022-01-04 14:19:34.461root 11241100x80000000000000004280340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d1c5549c50e9032022-01-04 14:19:34.461root 11241100x80000000000000004280341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fcb7140d5f80e02022-01-04 14:19:34.461root 11241100x80000000000000004280342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f773fef08e039db02022-01-04 14:19:34.959root 11241100x80000000000000004280343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51ca6587ebd65722022-01-04 14:19:34.959root 11241100x80000000000000004280344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca268341bd8f6542022-01-04 14:19:34.959root 11241100x80000000000000004280345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f532452e12c822e2022-01-04 14:19:34.959root 11241100x80000000000000004280346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cbab714d100b852022-01-04 14:19:34.959root 11241100x80000000000000004280347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46406b73a1ec97e2022-01-04 14:19:35.459root 11241100x80000000000000004280348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6874f5c131cac52022-01-04 14:19:35.459root 11241100x80000000000000004280349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5880d434992dd372022-01-04 14:19:35.459root 11241100x80000000000000004280350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120af6b8ec555ebf2022-01-04 14:19:35.459root 11241100x80000000000000004280351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a1323f4fd8670e2022-01-04 14:19:35.459root 11241100x80000000000000004280352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c215178b9d7bab32022-01-04 14:19:35.959root 11241100x80000000000000004280353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9bd3cce621d4f02022-01-04 14:19:35.959root 11241100x80000000000000004280354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46a647a0f9e65f82022-01-04 14:19:35.959root 11241100x80000000000000004280355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6c05d54f0ec40f2022-01-04 14:19:35.959root 11241100x80000000000000004280356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facea5d2ad188fa82022-01-04 14:19:35.959root 11241100x80000000000000004280357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631616fef846fba52022-01-04 14:19:36.459root 11241100x80000000000000004280358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c574f337af53b1f2022-01-04 14:19:36.459root 11241100x80000000000000004280359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f7aaf4a76de3742022-01-04 14:19:36.459root 11241100x80000000000000004280360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf443f8a544cb6c2022-01-04 14:19:36.459root 11241100x80000000000000004280361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e5f8ba262452f92022-01-04 14:19:36.459root 11241100x80000000000000004280362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7b9ef8dbb906582022-01-04 14:19:36.959root 11241100x80000000000000004280363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39c61557485b8fc2022-01-04 14:19:36.959root 11241100x80000000000000004280364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6b7e3bac316eae2022-01-04 14:19:36.959root 11241100x80000000000000004280365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f85ab1b3dc98b22022-01-04 14:19:36.959root 11241100x80000000000000004280366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0d27b6a2d2bf002022-01-04 14:19:36.959root 354300x80000000000000004280367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.124{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41532-false10.0.1.12-8000- 11241100x80000000000000004280368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3d3920b84c8ca32022-01-04 14:19:37.459root 11241100x80000000000000004280369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc19736ad6cd7b62022-01-04 14:19:37.459root 11241100x80000000000000004280370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0134136abc936db32022-01-04 14:19:37.459root 11241100x80000000000000004280371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73c7d9427ff7eb22022-01-04 14:19:37.459root 11241100x80000000000000004280372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4326fb8812e4112022-01-04 14:19:37.459root 11241100x80000000000000004280373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc7d600f67e42512022-01-04 14:19:37.459root 11241100x80000000000000004280374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b196d0433e1faf52022-01-04 14:19:37.959root 11241100x80000000000000004280375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40480359be5813572022-01-04 14:19:37.959root 11241100x80000000000000004280376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f6320fc39775812022-01-04 14:19:37.959root 11241100x80000000000000004280377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa412a53db46e4932022-01-04 14:19:37.959root 11241100x80000000000000004280378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85de7382741011252022-01-04 14:19:37.959root 11241100x80000000000000004280379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97929fe6344b79932022-01-04 14:19:37.959root 11241100x80000000000000004280380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33108e3dae2b3de42022-01-04 14:19:38.459root 11241100x80000000000000004280381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff8f46619deee3f2022-01-04 14:19:38.459root 11241100x80000000000000004280382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a9a133c423dec02022-01-04 14:19:38.459root 11241100x80000000000000004280383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a4aef451cf08382022-01-04 14:19:38.459root 11241100x80000000000000004280384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5fe643b00c30c32022-01-04 14:19:38.459root 11241100x80000000000000004280385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0854bded431a2c62022-01-04 14:19:38.460root 11241100x80000000000000004280386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff327be45daa0d32022-01-04 14:19:38.959root 11241100x80000000000000004280387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2942e9e3e9ef302022-01-04 14:19:38.959root 11241100x80000000000000004280388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c5b06d85849f2d2022-01-04 14:19:38.959root 11241100x80000000000000004280389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b6bc9a938cd2002022-01-04 14:19:38.959root 11241100x80000000000000004280390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf46ddbba5321fd2022-01-04 14:19:38.959root 11241100x80000000000000004280391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e3ccbe5570578e2022-01-04 14:19:38.959root 11241100x80000000000000004280392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b1d01d4b67f40e2022-01-04 14:19:39.459root 11241100x80000000000000004280393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415c3d5a4d0daf312022-01-04 14:19:39.459root 11241100x80000000000000004280394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c22b8f726a5d1692022-01-04 14:19:39.459root 11241100x80000000000000004280395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d31751b1de43d32022-01-04 14:19:39.459root 11241100x80000000000000004280396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8219db90ab280c932022-01-04 14:19:39.459root 11241100x80000000000000004280397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b7decb89cdf6162022-01-04 14:19:39.459root 11241100x80000000000000004280398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d292a4824081fb682022-01-04 14:19:39.959root 11241100x80000000000000004280399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9d19a107164d232022-01-04 14:19:39.959root 11241100x80000000000000004280400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d61711ea0200b62022-01-04 14:19:39.959root 11241100x80000000000000004280401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4971b6e67adf38c52022-01-04 14:19:39.959root 11241100x80000000000000004280402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f850b1cc727b43152022-01-04 14:19:39.959root 11241100x80000000000000004280403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6f91a37c98155e2022-01-04 14:19:39.959root 11241100x80000000000000004280404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d493ebb1014e632022-01-04 14:19:40.459root 11241100x80000000000000004280405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c7331836bdd2822022-01-04 14:19:40.459root 11241100x80000000000000004280406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c06ceadc9f212582022-01-04 14:19:40.460root 11241100x80000000000000004280407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1484dfaeff914f92022-01-04 14:19:40.460root 11241100x80000000000000004280408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637f16b8da300aa42022-01-04 14:19:40.460root 11241100x80000000000000004280409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3a79d615bdcdc52022-01-04 14:19:40.460root 11241100x80000000000000004280410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f32b55e82c2c1a02022-01-04 14:19:40.959root 11241100x80000000000000004280411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d786caab2f7b5a792022-01-04 14:19:40.959root 11241100x80000000000000004280412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36842754540ccc302022-01-04 14:19:40.959root 11241100x80000000000000004280413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e517dc34e2019252022-01-04 14:19:40.959root 11241100x80000000000000004280414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed988f2f12488cfe2022-01-04 14:19:40.959root 11241100x80000000000000004280415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d582050733ae1c72022-01-04 14:19:40.959root 11241100x80000000000000004280416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967710db2b0366052022-01-04 14:19:41.459root 11241100x80000000000000004280417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850671b9e74b13452022-01-04 14:19:41.459root 11241100x80000000000000004280418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da700358ec3d4812022-01-04 14:19:41.460root 11241100x80000000000000004280419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f951cb6981dc28482022-01-04 14:19:41.460root 11241100x80000000000000004280420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd94314c14be2762022-01-04 14:19:41.460root 11241100x80000000000000004280421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52dc82073dfb1e62022-01-04 14:19:41.460root 11241100x80000000000000004280422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01163eda39be79182022-01-04 14:19:41.959root 11241100x80000000000000004280423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9188314a91e242d2022-01-04 14:19:41.960root 11241100x80000000000000004280424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146db41ab4a9a92c2022-01-04 14:19:41.960root 11241100x80000000000000004280425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c735ac28b2ec232022-01-04 14:19:41.960root 11241100x80000000000000004280426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9723701509b5102022-01-04 14:19:41.960root 11241100x80000000000000004280427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffefc8990a78b7452022-01-04 14:19:41.961root 354300x80000000000000004280428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.202{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41534-false10.0.1.12-8000- 11241100x80000000000000004280429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8743bf13c5943a972022-01-04 14:19:42.459root 11241100x80000000000000004280430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fed3abfa12b48452022-01-04 14:19:42.459root 11241100x80000000000000004280431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d50379c931c8cc12022-01-04 14:19:42.459root 11241100x80000000000000004280432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8273f3022136d822022-01-04 14:19:42.459root 11241100x80000000000000004280433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2125a85e8f5288972022-01-04 14:19:42.460root 11241100x80000000000000004280434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a1c01c90363cf52022-01-04 14:19:42.460root 11241100x80000000000000004280435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7ed347865b5f5c2022-01-04 14:19:42.460root 11241100x80000000000000004280436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca75fb46548bbed92022-01-04 14:19:42.959root 11241100x80000000000000004280437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a554a9929d102b2022-01-04 14:19:42.959root 11241100x80000000000000004280438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fafa2993f88061f2022-01-04 14:19:42.959root 11241100x80000000000000004280439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb36f22d1dd5b272022-01-04 14:19:42.959root 11241100x80000000000000004280440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aaf4e14d8f99222022-01-04 14:19:42.960root 11241100x80000000000000004280441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b811e178271b24352022-01-04 14:19:42.960root 11241100x80000000000000004280442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb36437ecd880b052022-01-04 14:19:42.960root 11241100x80000000000000004280443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a4ad45fd9c2ca82022-01-04 14:19:43.459root 11241100x80000000000000004280444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c51f3b39fa1dfbe2022-01-04 14:19:43.460root 11241100x80000000000000004280445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01817388f22258402022-01-04 14:19:43.460root 11241100x80000000000000004280446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03ab58ce9e335592022-01-04 14:19:43.460root 11241100x80000000000000004280447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d083eee0293cd82022-01-04 14:19:43.460root 11241100x80000000000000004280448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c02d4f9c3e51362022-01-04 14:19:43.460root 11241100x80000000000000004280449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34243f36f188a6622022-01-04 14:19:43.460root 11241100x80000000000000004280450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de052e709be3f41c2022-01-04 14:19:43.959root 11241100x80000000000000004280451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce9a915c7269da02022-01-04 14:19:43.959root 11241100x80000000000000004280452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6976bb89c545d80d2022-01-04 14:19:43.959root 11241100x80000000000000004280453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb9d4c7c2c47fbe2022-01-04 14:19:43.959root 11241100x80000000000000004280454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0131b27db1eb0712022-01-04 14:19:43.959root 11241100x80000000000000004280455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e996066b9c87882022-01-04 14:19:43.960root 11241100x80000000000000004280456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f190ba5c0e4fc5cd2022-01-04 14:19:43.960root 11241100x80000000000000004280457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0012fcbacce562212022-01-04 14:19:44.459root 11241100x80000000000000004280458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1481da0625148b2022-01-04 14:19:44.459root 11241100x80000000000000004280459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966366faf9101e7b2022-01-04 14:19:44.459root 11241100x80000000000000004280460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0259762fe6fa5f9e2022-01-04 14:19:44.459root 11241100x80000000000000004280461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aaebd1330ba3a82022-01-04 14:19:44.459root 11241100x80000000000000004280462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5ff47b3e8a5c2c2022-01-04 14:19:44.459root 11241100x80000000000000004280463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb478d804f2dc7e2022-01-04 14:19:44.460root 11241100x80000000000000004280464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec0c8914f8d0bfd2022-01-04 14:19:44.959root 11241100x80000000000000004280465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1ca8fbbb3819392022-01-04 14:19:44.959root 11241100x80000000000000004280466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7190c7e139820672022-01-04 14:19:44.959root 11241100x80000000000000004280467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad3ce16affa09fe2022-01-04 14:19:44.960root 11241100x80000000000000004280468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbbc96a5fe337612022-01-04 14:19:44.960root 11241100x80000000000000004280469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41df6a5626a835b72022-01-04 14:19:44.960root 11241100x80000000000000004280470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c0bdedca4ced632022-01-04 14:19:44.960root 11241100x80000000000000004280471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98c38048ff8536e2022-01-04 14:19:45.459root 11241100x80000000000000004280472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbbc1d69427c17e2022-01-04 14:19:45.459root 11241100x80000000000000004280473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5327ff18d27661492022-01-04 14:19:45.459root 11241100x80000000000000004280474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6737f99e5f2c4df52022-01-04 14:19:45.459root 11241100x80000000000000004280475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2607bf4bb49394c92022-01-04 14:19:45.459root 11241100x80000000000000004280476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf7b445016c6ea42022-01-04 14:19:45.460root 11241100x80000000000000004280477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc181f90195a30432022-01-04 14:19:45.460root 11241100x80000000000000004280478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733dc4c5420641b42022-01-04 14:19:45.959root 11241100x80000000000000004280479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f5da96ca907d212022-01-04 14:19:45.960root 11241100x80000000000000004280480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e84225aa78cbd702022-01-04 14:19:45.960root 11241100x80000000000000004280481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00724fc081ac5fda2022-01-04 14:19:45.960root 11241100x80000000000000004280482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f98c735f59da4fe2022-01-04 14:19:45.960root 11241100x80000000000000004280483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba385428cbd6caa2022-01-04 14:19:45.960root 11241100x80000000000000004280484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5835b41b777ea52022-01-04 14:19:45.960root 11241100x80000000000000004280485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dbd65c1d2cbeca2022-01-04 14:19:46.459root 11241100x80000000000000004280486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a8690f5d7949d22022-01-04 14:19:46.459root 11241100x80000000000000004280487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdac5e0c7693e4fe2022-01-04 14:19:46.459root 11241100x80000000000000004280488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d558ad92a8ea91632022-01-04 14:19:46.459root 11241100x80000000000000004280489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a60bae3a3a96d92022-01-04 14:19:46.459root 11241100x80000000000000004280490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb3bdd1f5488f42022-01-04 14:19:46.460root 11241100x80000000000000004280491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249e012bde94e46a2022-01-04 14:19:46.460root 11241100x80000000000000004280492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048e9ad01045ab842022-01-04 14:19:46.959root 11241100x80000000000000004280493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77bb3a5885f7c552022-01-04 14:19:46.959root 11241100x80000000000000004280494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6674a53779f16b272022-01-04 14:19:46.959root 11241100x80000000000000004280495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7542f446bc09eb2022-01-04 14:19:46.959root 11241100x80000000000000004280496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61db4bf31135e2ca2022-01-04 14:19:46.960root 11241100x80000000000000004280497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8744c15d2d9c94972022-01-04 14:19:46.960root 11241100x80000000000000004280498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49deb44588c13bd2022-01-04 14:19:46.960root 11241100x80000000000000004280499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a44941200e0e432022-01-04 14:19:47.459root 11241100x80000000000000004280500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfde591baa3c7de2022-01-04 14:19:47.459root 11241100x80000000000000004280501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada1655c33e767e22022-01-04 14:19:47.459root 11241100x80000000000000004280502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e8bef840429da42022-01-04 14:19:47.459root 11241100x80000000000000004280503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a9420e9e3917d92022-01-04 14:19:47.459root 11241100x80000000000000004280504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7370a462233a039a2022-01-04 14:19:47.459root 11241100x80000000000000004280505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b086b7091c929ab2022-01-04 14:19:47.460root 11241100x80000000000000004280506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85de1a0189b6889f2022-01-04 14:19:47.959root 11241100x80000000000000004280507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4e826a609876702022-01-04 14:19:47.959root 11241100x80000000000000004280508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259439a03bd137252022-01-04 14:19:47.959root 11241100x80000000000000004280509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c61e7fb00ce082022-01-04 14:19:47.959root 11241100x80000000000000004280510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95555bf21bf35cb52022-01-04 14:19:47.959root 11241100x80000000000000004280511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6449d2c0e7d278742022-01-04 14:19:47.959root 11241100x80000000000000004280512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3c964436b18a942022-01-04 14:19:47.960root 354300x80000000000000004280513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.098{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41536-false10.0.1.12-8000- 11241100x80000000000000004280514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5788340145d9202022-01-04 14:19:48.459root 11241100x80000000000000004280515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34eb76a3ff6e04c2022-01-04 14:19:48.459root 11241100x80000000000000004280516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392939d7ea3dc1da2022-01-04 14:19:48.459root 11241100x80000000000000004280517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa66a3e5d8a43f532022-01-04 14:19:48.459root 11241100x80000000000000004280518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31510a941041eb322022-01-04 14:19:48.459root 11241100x80000000000000004280519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4e1f9ff86715c52022-01-04 14:19:48.460root 11241100x80000000000000004280520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359cf4d9c3a51a832022-01-04 14:19:48.460root 11241100x80000000000000004280521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7fcc16dab08fe12022-01-04 14:19:48.460root 11241100x80000000000000004280522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c75b996b406ce02022-01-04 14:19:48.959root 11241100x80000000000000004280523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b8b48408207b3e2022-01-04 14:19:48.959root 11241100x80000000000000004280524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569261faa18538c62022-01-04 14:19:48.959root 11241100x80000000000000004280525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe983a8d9aa0c862022-01-04 14:19:48.959root 11241100x80000000000000004280526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b4a25b4278a91a2022-01-04 14:19:48.959root 11241100x80000000000000004280527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81934b18e06f428f2022-01-04 14:19:48.960root 11241100x80000000000000004280528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3b5bb2382e0f7d2022-01-04 14:19:48.960root 11241100x80000000000000004280529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6352b0935680252022-01-04 14:19:48.960root 11241100x80000000000000004280530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfeb6eb47d9cb9e2022-01-04 14:19:49.459root 11241100x80000000000000004280531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4841a9f3f91693ce2022-01-04 14:19:49.459root 11241100x80000000000000004280532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982ddccfa0964832022-01-04 14:19:49.459root 11241100x80000000000000004280533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d261d2e6bdea3bf2022-01-04 14:19:49.459root 11241100x80000000000000004280534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa2cecf14cc63a92022-01-04 14:19:49.459root 11241100x80000000000000004280535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caccdd5f5333418c2022-01-04 14:19:49.460root 11241100x80000000000000004280536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69ff3438590bec52022-01-04 14:19:49.460root 11241100x80000000000000004280537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dff682c836710b12022-01-04 14:19:49.460root 11241100x80000000000000004280538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eeff9502d222cca2022-01-04 14:19:49.959root 11241100x80000000000000004280539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba865e30a7bf5df2022-01-04 14:19:49.959root 11241100x80000000000000004280540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b35c13c1a453f42022-01-04 14:19:49.959root 11241100x80000000000000004280541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2fb9105e7591402022-01-04 14:19:49.959root 11241100x80000000000000004280542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9678323a2977ee2022-01-04 14:19:49.959root 11241100x80000000000000004280543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b49685cac05517d2022-01-04 14:19:49.960root 11241100x80000000000000004280544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6194076fc70d86d42022-01-04 14:19:49.960root 11241100x80000000000000004280545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0b2e658089ae5e2022-01-04 14:19:49.960root 11241100x80000000000000004280546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad54f9714853cb62022-01-04 14:19:50.460root 11241100x80000000000000004280547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d746fe3905071702022-01-04 14:19:50.460root 11241100x80000000000000004280548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3dd6b0ad35039e2022-01-04 14:19:50.460root 11241100x80000000000000004280549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ea290109ead42a2022-01-04 14:19:50.460root 11241100x80000000000000004280550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c684d2326b31a792022-01-04 14:19:50.460root 11241100x80000000000000004280551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8024fe81f253982022-01-04 14:19:50.460root 11241100x80000000000000004280552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51884b9f3f75ee8f2022-01-04 14:19:50.460root 11241100x80000000000000004280553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cb6d40009253092022-01-04 14:19:50.460root 11241100x80000000000000004280554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63adc48e44d22b472022-01-04 14:19:50.959root 11241100x80000000000000004280555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9bf255da0b0592022-01-04 14:19:50.959root 11241100x80000000000000004280556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2da63e97570d952022-01-04 14:19:50.959root 11241100x80000000000000004280557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b07b1701932b1232022-01-04 14:19:50.959root 11241100x80000000000000004280558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f1aeb3cfa13e5f2022-01-04 14:19:50.959root 11241100x80000000000000004280559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e24a97871157012022-01-04 14:19:50.960root 11241100x80000000000000004280560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f141b911517fbd2022-01-04 14:19:50.960root 11241100x80000000000000004280561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88729127ad7a96872022-01-04 14:19:50.960root 11241100x80000000000000004280562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6049fef62b1595a2022-01-04 14:19:51.459root 11241100x80000000000000004280563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8acb59ecab37a852022-01-04 14:19:51.459root 11241100x80000000000000004280564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72afd9cc1589ab0f2022-01-04 14:19:51.459root 11241100x80000000000000004280565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8015aa12ec7eb2e2022-01-04 14:19:51.459root 11241100x80000000000000004280566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aad43ab298009b02022-01-04 14:19:51.459root 11241100x80000000000000004280567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb4e873f91dc31e2022-01-04 14:19:51.460root 11241100x80000000000000004280568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8e0ffcd928d7b32022-01-04 14:19:51.460root 11241100x80000000000000004280569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf17cfb21567b9e2022-01-04 14:19:51.460root 11241100x80000000000000004280570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cab8b191b5feeab2022-01-04 14:19:51.959root 11241100x80000000000000004280571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfa1baef46c37f62022-01-04 14:19:51.959root 11241100x80000000000000004280572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a1f7473922c972022-01-04 14:19:51.959root 11241100x80000000000000004280573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c5b83a75635b512022-01-04 14:19:51.959root 11241100x80000000000000004280574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e772db86b0b0d82022-01-04 14:19:51.960root 11241100x80000000000000004280575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023a76388b586a062022-01-04 14:19:51.960root 11241100x80000000000000004280576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440cc23a6faeb0dd2022-01-04 14:19:51.960root 11241100x80000000000000004280577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9914b6988bf18d2022-01-04 14:19:51.960root 11241100x80000000000000004280578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820467c6b923de492022-01-04 14:19:52.459root 11241100x80000000000000004280579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2da30e4fe5549a52022-01-04 14:19:52.459root 11241100x80000000000000004280580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f782fa34d0142262022-01-04 14:19:52.459root 11241100x80000000000000004280581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb11e7ab2307c68f2022-01-04 14:19:52.459root 11241100x80000000000000004280582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd24be24a3b5072022-01-04 14:19:52.459root 11241100x80000000000000004280583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89aafa7a38607f12022-01-04 14:19:52.459root 11241100x80000000000000004280584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a85b6414738a172022-01-04 14:19:52.460root 11241100x80000000000000004280585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fdb3cb2ad2bfb02022-01-04 14:19:52.460root 11241100x80000000000000004280586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4926643250f5552022-01-04 14:19:52.959root 11241100x80000000000000004280587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b4b3cda5a492002022-01-04 14:19:52.959root 11241100x80000000000000004280588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176eddb97a75108a2022-01-04 14:19:52.959root 11241100x80000000000000004280589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d6b1d4b00cdb6f2022-01-04 14:19:52.959root 11241100x80000000000000004280590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bc3d17caac34bf2022-01-04 14:19:52.959root 11241100x80000000000000004280591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bcb406803942632022-01-04 14:19:52.960root 11241100x80000000000000004280592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda460b56e80c8df2022-01-04 14:19:52.960root 11241100x80000000000000004280593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee31e9ee5a4e496d2022-01-04 14:19:52.960root 354300x80000000000000004280594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.165{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41538-false10.0.1.12-8000- 11241100x80000000000000004280595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c8342ec00f4bc72022-01-04 14:19:53.459root 11241100x80000000000000004280596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111e279142bc5f202022-01-04 14:19:53.459root 11241100x80000000000000004280597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b922e726abbbb61b2022-01-04 14:19:53.459root 11241100x80000000000000004280598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6542542fd28f70102022-01-04 14:19:53.459root 11241100x80000000000000004280599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e921402119ffe22022-01-04 14:19:53.459root 11241100x80000000000000004280600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d606456278855a542022-01-04 14:19:53.460root 11241100x80000000000000004280601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e98c4fecb37e892022-01-04 14:19:53.460root 11241100x80000000000000004280602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b8879c3df987512022-01-04 14:19:53.460root 11241100x80000000000000004280603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdea142672bb9642022-01-04 14:19:53.460root 11241100x80000000000000004280604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e094735b3d4878fb2022-01-04 14:19:53.959root 11241100x80000000000000004280605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520c0ec041f041f42022-01-04 14:19:53.959root 11241100x80000000000000004280606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4212866dd03dd8782022-01-04 14:19:53.959root 11241100x80000000000000004280607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e922d95572de9e2022-01-04 14:19:53.959root 11241100x80000000000000004280608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2374b4c499e06112022-01-04 14:19:53.959root 11241100x80000000000000004280609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ede203a44390172022-01-04 14:19:53.959root 11241100x80000000000000004280610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e064e8a1d299792022-01-04 14:19:53.960root 11241100x80000000000000004280611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cdbaf722d84f782022-01-04 14:19:53.960root 11241100x80000000000000004280612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7757c9b642fbc22022-01-04 14:19:53.960root 11241100x80000000000000004280613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f5e86c6e524ced2022-01-04 14:19:54.459root 11241100x80000000000000004280614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83642f6e082ce462022-01-04 14:19:54.459root 11241100x80000000000000004280615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7546fe41ca936a2022-01-04 14:19:54.459root 11241100x80000000000000004280616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c059cc0b0331592022-01-04 14:19:54.459root 11241100x80000000000000004280617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c369e44c377d12022-01-04 14:19:54.460root 11241100x80000000000000004280618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504a027a3825cded2022-01-04 14:19:54.460root 11241100x80000000000000004280619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe39695bd100a2ff2022-01-04 14:19:54.460root 11241100x80000000000000004280620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ec69b2b934baa62022-01-04 14:19:54.460root 11241100x80000000000000004280621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538958f100f3d88a2022-01-04 14:19:54.460root 154100x80000000000000004280622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.896{ec2e79f3-578a-61d4-e876-5f8e9c550000}14992/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2e79f3-575f-61d4-e803-000000000000}100037no level-{ec2e79f3-575f-61d4-0844-b7e58b550000}14975/bin/bash-bashubuntu 11241100x80000000000000004280623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.898{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a196e07c99ed69c22022-01-04 14:19:54.898root 11241100x80000000000000004280624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.898{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e96289269faa482022-01-04 14:19:54.898root 11241100x80000000000000004280625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.898{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3042b3103238eaf2022-01-04 14:19:54.898root 11241100x80000000000000004280626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.898{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb400d682a4b1aa2022-01-04 14:19:54.898root 11241100x80000000000000004280627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296d15e14658d3fc2022-01-04 14:19:54.899root 11241100x80000000000000004280628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45099311227fc5b2022-01-04 14:19:54.899root 534500x80000000000000004280629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-578a-61d4-e876-5f8e9c550000}14992/bin/lsubuntu 11241100x80000000000000004280630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0baec7ee1ed6f7d62022-01-04 14:19:54.899root 11241100x80000000000000004280631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d629eee5c3734a2022-01-04 14:19:54.899root 11241100x80000000000000004280632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d326cffd0ebb1dfe2022-01-04 14:19:54.899root 11241100x80000000000000004280633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c48316fa9d702f72022-01-04 14:19:54.899root 11241100x80000000000000004280634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4baf16dfd4b43a772022-01-04 14:19:55.209root 11241100x80000000000000004280635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04965f9edac497eb2022-01-04 14:19:55.209root 11241100x80000000000000004280636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48384aab3b88453f2022-01-04 14:19:55.209root 11241100x80000000000000004280637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9728f176a2a0172022-01-04 14:19:55.209root 11241100x80000000000000004280638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d85ff42ac1cd4452022-01-04 14:19:55.209root 11241100x80000000000000004280639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8853bfc7ec9a762022-01-04 14:19:55.210root 11241100x80000000000000004280640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747bfc9ec9ddbddd2022-01-04 14:19:55.210root 11241100x80000000000000004280641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af285a95ecc0ca692022-01-04 14:19:55.210root 11241100x80000000000000004280642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cd01bc50ee7d282022-01-04 14:19:55.210root 11241100x80000000000000004280643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e2f46ad59cab0a2022-01-04 14:19:55.210root 11241100x80000000000000004280644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a8bcd822ebbb752022-01-04 14:19:55.210root 11241100x80000000000000004280645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b29a37e497528b2022-01-04 14:19:55.709root 11241100x80000000000000004280646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1feb39251f5dff602022-01-04 14:19:55.710root 11241100x80000000000000004280647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceaa1e25c4ac59f2022-01-04 14:19:55.710root 11241100x80000000000000004280648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88593add7e66af012022-01-04 14:19:55.710root 11241100x80000000000000004280649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c508824f4f7072de2022-01-04 14:19:55.710root 11241100x80000000000000004280650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757a57a507fcfae52022-01-04 14:19:55.710root 11241100x80000000000000004280651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7eec618c521512022-01-04 14:19:55.710root 11241100x80000000000000004280652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b91d00ad4143582022-01-04 14:19:55.710root 11241100x80000000000000004280653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c006337e53c94812022-01-04 14:19:55.710root 11241100x80000000000000004280654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bca46fa91dcc3a2022-01-04 14:19:55.710root 11241100x80000000000000004280655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea8c8888ded105f2022-01-04 14:19:55.710root 11241100x80000000000000004280656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b697bad89d8a05512022-01-04 14:19:56.209root 11241100x80000000000000004280657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52af8d810c3414ff2022-01-04 14:19:56.209root 11241100x80000000000000004280658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7282987fbfe7b9df2022-01-04 14:19:56.210root 11241100x80000000000000004280659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d46332698c3c242022-01-04 14:19:56.210root 11241100x80000000000000004280660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac3c29b60d80102022-01-04 14:19:56.210root 11241100x80000000000000004280661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af20a1d3ce81d07f2022-01-04 14:19:56.210root 11241100x80000000000000004280662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4215376d3352530c2022-01-04 14:19:56.210root 11241100x80000000000000004280663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b008f76f3ec93d2022-01-04 14:19:56.210root 11241100x80000000000000004280664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2e95d4544920232022-01-04 14:19:56.210root 11241100x80000000000000004280665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d268c018e76d9d2022-01-04 14:19:56.211root 11241100x80000000000000004280666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055e081e4ecfd7d82022-01-04 14:19:56.211root 11241100x80000000000000004280667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424f999715cf32012022-01-04 14:19:56.709root 11241100x80000000000000004280668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd56318ad88639c2022-01-04 14:19:56.710root 11241100x80000000000000004280669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8963980f0d6400862022-01-04 14:19:56.710root 11241100x80000000000000004280670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b5607604c977212022-01-04 14:19:56.710root 11241100x80000000000000004280671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de788ef53a11dd432022-01-04 14:19:56.710root 11241100x80000000000000004280672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5be662cf98db9e2022-01-04 14:19:56.710root 11241100x80000000000000004280673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d468e86eed27e62022-01-04 14:19:56.710root 11241100x80000000000000004280674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e122d2747802f22022-01-04 14:19:56.710root 11241100x80000000000000004280675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80ea30dcb5baf012022-01-04 14:19:56.710root 11241100x80000000000000004280676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacfffb2d9e3dff72022-01-04 14:19:56.711root 11241100x80000000000000004280677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7b54996c289a792022-01-04 14:19:56.711root 11241100x80000000000000004280678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad540ead784774c2022-01-04 14:19:57.209root 11241100x80000000000000004280679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373110772da585b52022-01-04 14:19:57.209root 11241100x80000000000000004280680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4207309e390daa2022-01-04 14:19:57.210root 11241100x80000000000000004280681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e19740147a3c8d2022-01-04 14:19:57.210root 11241100x80000000000000004280682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939dcdf1f3c037f92022-01-04 14:19:57.210root 11241100x80000000000000004280683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a18f441066b9a92022-01-04 14:19:57.210root 11241100x80000000000000004280684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e70adc3cb75142022-01-04 14:19:57.210root 11241100x80000000000000004280685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00ad267f622ff9e2022-01-04 14:19:57.210root 11241100x80000000000000004280686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044fe22b3ba2df962022-01-04 14:19:57.210root 11241100x80000000000000004280687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5972f27533a231602022-01-04 14:19:57.210root 11241100x80000000000000004280688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07091ca0c78d1c8e2022-01-04 14:19:57.210root 11241100x80000000000000004280689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5269a60c757db2a42022-01-04 14:19:57.709root 11241100x80000000000000004280690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7c75f38b5b02ef2022-01-04 14:19:57.710root 11241100x80000000000000004280691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28eeac6c8c029bb2022-01-04 14:19:57.710root 11241100x80000000000000004280692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0318547c1cbb8c2022-01-04 14:19:57.710root 11241100x80000000000000004280693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405f6ec1b1d032662022-01-04 14:19:57.710root 11241100x80000000000000004280694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a355e441324c0f82022-01-04 14:19:57.710root 11241100x80000000000000004280695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b099f6ae08b978b2022-01-04 14:19:57.710root 11241100x80000000000000004280696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bebe87336314132022-01-04 14:19:57.710root 11241100x80000000000000004280697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e640d78303edbab2022-01-04 14:19:57.711root 11241100x80000000000000004280698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d34386cee6e4402022-01-04 14:19:57.711root 11241100x80000000000000004280699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff59644ee0c4619e2022-01-04 14:19:57.711root 11241100x80000000000000004280700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc3033d12b72fa62022-01-04 14:19:58.209root 11241100x80000000000000004280701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c198cf7ce49da5d12022-01-04 14:19:58.209root 11241100x80000000000000004280702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b2e2524f23f4e22022-01-04 14:19:58.209root 11241100x80000000000000004280703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae61d0d9d44e188e2022-01-04 14:19:58.210root 11241100x80000000000000004280704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dece0ada102578bd2022-01-04 14:19:58.210root 11241100x80000000000000004280705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43fb81a8e0b1e9f2022-01-04 14:19:58.210root 11241100x80000000000000004280706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeb4d2c921b22162022-01-04 14:19:58.210root 11241100x80000000000000004280707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace86469441dbf372022-01-04 14:19:58.210root 11241100x80000000000000004280708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d52f5b5250b08f2022-01-04 14:19:58.210root 11241100x80000000000000004280709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ee128fc571858e2022-01-04 14:19:58.210root 11241100x80000000000000004280710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af54121024aa23f62022-01-04 14:19:58.210root 11241100x80000000000000004280711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1870513cc13f6d52022-01-04 14:19:58.709root 11241100x80000000000000004280712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f593009498094c882022-01-04 14:19:58.712root 11241100x80000000000000004280713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357441656c6e71bd2022-01-04 14:19:58.712root 11241100x80000000000000004280714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934bf4b407b67b032022-01-04 14:19:58.712root 11241100x80000000000000004280715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb399d3eb75de4282022-01-04 14:19:58.713root 11241100x80000000000000004280716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2d8b11d65e608c2022-01-04 14:19:58.714root 11241100x80000000000000004280717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58c3496ee1cf3622022-01-04 14:19:58.714root 11241100x80000000000000004280718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89aa57b5f3408ac2022-01-04 14:19:58.714root 11241100x80000000000000004280719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5994dfbc2e1797352022-01-04 14:19:58.714root 11241100x80000000000000004280720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c0da908e8ae1f02022-01-04 14:19:58.714root 11241100x80000000000000004280721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a4195f4cb1cbff2022-01-04 14:19:58.714root 354300x80000000000000004280722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.090{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41540-false10.0.1.12-8000- 11241100x80000000000000004280723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.091{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28100c53109d02922022-01-04 14:19:59.091root 11241100x80000000000000004280724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.091{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0ad7e3da297b1d2022-01-04 14:19:59.091root 11241100x80000000000000004280725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39929d1cf7186d482022-01-04 14:19:59.092root 11241100x80000000000000004280726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1aa686c4891e8482022-01-04 14:19:59.092root 11241100x80000000000000004280727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a9e211964bf45f2022-01-04 14:19:59.092root 11241100x80000000000000004280728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7ad200cb91bf212022-01-04 14:19:59.092root 11241100x80000000000000004280729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4811b0ce8562f272022-01-04 14:19:59.092root 11241100x80000000000000004280730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a68b7b7bb2e21012022-01-04 14:19:59.092root 11241100x80000000000000004280731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.093{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4facd2a8ae622a9d2022-01-04 14:19:59.093root 11241100x80000000000000004280732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.093{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a6c5506396f1122022-01-04 14:19:59.093root 11241100x80000000000000004280733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.093{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea1f8839d3c59e52022-01-04 14:19:59.093root 11241100x80000000000000004280734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.093{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22b367fd535915b2022-01-04 14:19:59.093root 11241100x80000000000000004280735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f84bac6c9cdac52022-01-04 14:19:59.459root 11241100x80000000000000004280736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d294061ba25a9d2022-01-04 14:19:59.459root 11241100x80000000000000004280737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d905dfa9106bc3862022-01-04 14:19:59.459root 11241100x80000000000000004280738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82111e19822cca102022-01-04 14:19:59.459root 11241100x80000000000000004280739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a64142dccf8400b2022-01-04 14:19:59.459root 11241100x80000000000000004280740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f18e6da06a92702022-01-04 14:19:59.460root 11241100x80000000000000004280741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f0f41514385d082022-01-04 14:19:59.460root 11241100x80000000000000004280742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cfc1fd4c17605c2022-01-04 14:19:59.460root 11241100x80000000000000004280743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f8216d346273542022-01-04 14:19:59.460root 11241100x80000000000000004280744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e5552abf9c50352022-01-04 14:19:59.460root 11241100x80000000000000004280745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb9a0c07a95c2f2022-01-04 14:19:59.460root 11241100x80000000000000004280746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05f3b0649511a132022-01-04 14:19:59.460root 11241100x80000000000000004280747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90868aac012dbedd2022-01-04 14:19:59.959root 11241100x80000000000000004280748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a363955305254b2022-01-04 14:19:59.959root 11241100x80000000000000004280749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dda22fed2e7bd362022-01-04 14:19:59.960root 11241100x80000000000000004280750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfad11672fae45222022-01-04 14:19:59.960root 11241100x80000000000000004280751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f4a362a40accca2022-01-04 14:19:59.960root 11241100x80000000000000004280752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39cc768f89080652022-01-04 14:19:59.960root 11241100x80000000000000004280753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac4c005b70082f12022-01-04 14:19:59.961root 11241100x80000000000000004280754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66138a76d7dc4b0f2022-01-04 14:19:59.961root 11241100x80000000000000004280755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc4e78b34686cc62022-01-04 14:19:59.961root 11241100x80000000000000004280756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bc0d1afed946442022-01-04 14:19:59.961root 11241100x80000000000000004280757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa391b52f7d00f632022-01-04 14:19:59.961root 11241100x80000000000000004280758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdc868563a927812022-01-04 14:19:59.961root 11241100x80000000000000004280759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed44c474b6fc7aa2022-01-04 14:20:00.460root 11241100x80000000000000004280760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b713a37ec312e12022-01-04 14:20:00.460root 11241100x80000000000000004280761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621455ef6563b9ba2022-01-04 14:20:00.460root 11241100x80000000000000004280762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2517f0cbb05243482022-01-04 14:20:00.460root 11241100x80000000000000004280763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc62bfd3b449cbfa2022-01-04 14:20:00.460root 11241100x80000000000000004280764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8a20573b1740ec2022-01-04 14:20:00.460root 11241100x80000000000000004280765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e90c1e75186c332022-01-04 14:20:00.460root 11241100x80000000000000004280766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb01fd3254a96f52022-01-04 14:20:00.460root 11241100x80000000000000004280767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0191b4cfd6721f102022-01-04 14:20:00.460root 11241100x80000000000000004280768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec55f2c9dac139d2022-01-04 14:20:00.461root 11241100x80000000000000004280769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca74b6ff12b794622022-01-04 14:20:00.461root 11241100x80000000000000004280770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de1834760267a8d2022-01-04 14:20:00.461root 11241100x80000000000000004280771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f62988f4bc1b9f62022-01-04 14:20:00.959root 11241100x80000000000000004280772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2af8def7e4a0242022-01-04 14:20:00.959root 11241100x80000000000000004280773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d077655c58e8a62022-01-04 14:20:00.960root 11241100x80000000000000004280774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393917a112e35eda2022-01-04 14:20:00.960root 11241100x80000000000000004280775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e72c03c68d5e712022-01-04 14:20:00.960root 11241100x80000000000000004280776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92adc81ef21dd5e72022-01-04 14:20:00.960root 11241100x80000000000000004280777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69f1b9725a8de802022-01-04 14:20:00.960root 11241100x80000000000000004280778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4559408bdb54d22022-01-04 14:20:00.960root 11241100x80000000000000004280779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e04e8be48c6f222022-01-04 14:20:00.960root 11241100x80000000000000004280780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ea3140b71bb4cd2022-01-04 14:20:00.960root 11241100x80000000000000004280781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043b11fc50fe3f5f2022-01-04 14:20:00.960root 11241100x80000000000000004280782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4824d72ccf23882022-01-04 14:20:00.960root 11241100x80000000000000004280783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:20:01.221root 11241100x80000000000000004280784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fdbe1a0c9398372022-01-04 14:20:01.222root 11241100x80000000000000004280785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaf0561fbec9a062022-01-04 14:20:01.222root 11241100x80000000000000004280786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85f032d1d8db4ba2022-01-04 14:20:01.223root 11241100x80000000000000004280787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cded1b6aa5cea812022-01-04 14:20:01.223root 11241100x80000000000000004280788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd777e47d41bf0892022-01-04 14:20:01.223root 11241100x80000000000000004280789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb07f539920e0972022-01-04 14:20:01.223root 11241100x80000000000000004280790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604cb9fd2e6feb7b2022-01-04 14:20:01.223root 11241100x80000000000000004280791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8394ad1412d492782022-01-04 14:20:01.223root 11241100x80000000000000004280792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffd2048ff38e1f42022-01-04 14:20:01.223root 11241100x80000000000000004280793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0e85d0c209483b2022-01-04 14:20:01.223root 11241100x80000000000000004280794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b9d41188778d642022-01-04 14:20:01.224root 11241100x80000000000000004280795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affe56f37cf769e92022-01-04 14:20:01.224root 11241100x80000000000000004280796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688f49a58061dc732022-01-04 14:20:01.224root 11241100x80000000000000004280797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb3826e0bbd788a2022-01-04 14:20:01.709root 11241100x80000000000000004280798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3550d21599c82b4b2022-01-04 14:20:01.709root 11241100x80000000000000004280799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d4de291684e80c2022-01-04 14:20:01.709root 11241100x80000000000000004280800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f156bb17f579b52022-01-04 14:20:01.709root 11241100x80000000000000004280801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9501c6bb266c98762022-01-04 14:20:01.709root 11241100x80000000000000004280802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5da819ad92acd4b2022-01-04 14:20:01.710root 11241100x80000000000000004280803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9da3713325f45192022-01-04 14:20:01.710root 11241100x80000000000000004280804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce468dab3b7a55d2022-01-04 14:20:01.711root 11241100x80000000000000004280805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19303d8ca53ed4c2022-01-04 14:20:01.711root 11241100x80000000000000004280806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc522bf03dc7c3b52022-01-04 14:20:01.711root 11241100x80000000000000004280807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6076c64fc6f47a402022-01-04 14:20:01.711root 11241100x80000000000000004280808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c2502caf1050222022-01-04 14:20:01.711root 11241100x80000000000000004280809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f168fa10a9d1fbf82022-01-04 14:20:01.712root 11241100x80000000000000004280810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a74d0b0231ef9e32022-01-04 14:20:02.209root 11241100x80000000000000004280811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b90e19ef53decb2022-01-04 14:20:02.209root 11241100x80000000000000004280812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df63b0743b3e66dd2022-01-04 14:20:02.209root 11241100x80000000000000004280813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1231df685cfcd12022-01-04 14:20:02.209root 11241100x80000000000000004280814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23147f03f0ddf992022-01-04 14:20:02.210root 11241100x80000000000000004280815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f4816860f4265f2022-01-04 14:20:02.210root 11241100x80000000000000004280816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c91cd1872dff0c2022-01-04 14:20:02.210root 11241100x80000000000000004280817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfefa4062d2838a2022-01-04 14:20:02.210root 11241100x80000000000000004280818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463789590733ec082022-01-04 14:20:02.210root 11241100x80000000000000004280819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a487104276574d422022-01-04 14:20:02.211root 11241100x80000000000000004280820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5e9a5de16279012022-01-04 14:20:02.211root 11241100x80000000000000004280821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c665f14b591e36e92022-01-04 14:20:02.211root 11241100x80000000000000004280822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fdafc55014c6c22022-01-04 14:20:02.211root 11241100x80000000000000004280823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a83d6f905b3d732022-01-04 14:20:02.709root 11241100x80000000000000004280824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecedcf258deaea3e2022-01-04 14:20:02.710root 11241100x80000000000000004280825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a26ec2b39bb0b0f2022-01-04 14:20:02.710root 11241100x80000000000000004280826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b407bf6a4e05772022-01-04 14:20:02.710root 11241100x80000000000000004280827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585a0ba68aa4d68e2022-01-04 14:20:02.711root 11241100x80000000000000004280828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc58bc2d6da805f52022-01-04 14:20:02.711root 11241100x80000000000000004280829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba15619f64c8d6aa2022-01-04 14:20:02.711root 11241100x80000000000000004280830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c9e62c4e9d058e2022-01-04 14:20:02.711root 11241100x80000000000000004280831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f42516187636c972022-01-04 14:20:02.712root 11241100x80000000000000004280832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb554aec024dfc32022-01-04 14:20:02.712root 11241100x80000000000000004280833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3297bfb82910a62022-01-04 14:20:02.712root 11241100x80000000000000004280834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b45af46eb57242022-01-04 14:20:02.712root 11241100x80000000000000004280835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015029853038887b2022-01-04 14:20:02.712root 11241100x80000000000000004280836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d3058ec705ca2e2022-01-04 14:20:03.209root 11241100x80000000000000004280837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becd64e81d69f86a2022-01-04 14:20:03.209root 11241100x80000000000000004280838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb0aec59b7c681b2022-01-04 14:20:03.210root 11241100x80000000000000004280839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6b97446a449d242022-01-04 14:20:03.210root 11241100x80000000000000004280840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6f21f2cf6029472022-01-04 14:20:03.210root 11241100x80000000000000004280841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011cd6ee64eed79d2022-01-04 14:20:03.210root 11241100x80000000000000004280842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be376467cc72e0002022-01-04 14:20:03.210root 11241100x80000000000000004280843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895aad718c6c42f92022-01-04 14:20:03.210root 11241100x80000000000000004280844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f0239c0310876e2022-01-04 14:20:03.210root 11241100x80000000000000004280845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51598f8fac6c54032022-01-04 14:20:03.210root 11241100x80000000000000004280846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e1229d7c48e772022-01-04 14:20:03.210root 11241100x80000000000000004280847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485b2a89775ece1c2022-01-04 14:20:03.210root 11241100x80000000000000004280848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a22fffd969dada2022-01-04 14:20:03.210root 11241100x80000000000000004280849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b8358dae5b03c52022-01-04 14:20:03.709root 11241100x80000000000000004280850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b020a452cdd5a5f2022-01-04 14:20:03.709root 11241100x80000000000000004280851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9a50f2eb42286d2022-01-04 14:20:03.709root 11241100x80000000000000004280852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872329fee04ba1fc2022-01-04 14:20:03.710root 11241100x80000000000000004280853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6532afce6388d62022-01-04 14:20:03.710root 11241100x80000000000000004280854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa4823ca7c1b4ef2022-01-04 14:20:03.710root 11241100x80000000000000004280855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f169469d5339cd2022-01-04 14:20:03.710root 11241100x80000000000000004280856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2da8df8c6db32452022-01-04 14:20:03.710root 11241100x80000000000000004280857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bae3c3a4c430f1c2022-01-04 14:20:03.711root 11241100x80000000000000004280858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdb3ac30ee4ac4c2022-01-04 14:20:03.711root 11241100x80000000000000004280859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5656e6c8e43eaa652022-01-04 14:20:03.711root 11241100x80000000000000004280860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bbcd327f9c3a392022-01-04 14:20:03.711root 11241100x80000000000000004280861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e61bd02365228122022-01-04 14:20:03.712root 354300x80000000000000004280862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.162{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41542-false10.0.1.12-8000- 11241100x80000000000000004280863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32a77d7fb8464c52022-01-04 14:20:04.163root 11241100x80000000000000004280864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5775ccad49c7312022-01-04 14:20:04.163root 11241100x80000000000000004280865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062144e9465b6bee2022-01-04 14:20:04.164root 11241100x80000000000000004280866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31680657db908c02022-01-04 14:20:04.164root 11241100x80000000000000004280867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182d6d8344abe5a92022-01-04 14:20:04.164root 11241100x80000000000000004280868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ab2410099b593c2022-01-04 14:20:04.164root 11241100x80000000000000004280869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132c0f52cf05a10b2022-01-04 14:20:04.164root 11241100x80000000000000004280870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8793c74207d078792022-01-04 14:20:04.164root 11241100x80000000000000004280871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0934e9699021bb6a2022-01-04 14:20:04.164root 11241100x80000000000000004280872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5683b52302a116992022-01-04 14:20:04.164root 11241100x80000000000000004280873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05abaef98b709eaf2022-01-04 14:20:04.165root 11241100x80000000000000004280874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871d59e55507227f2022-01-04 14:20:04.165root 11241100x80000000000000004280875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d40cb98cad89252022-01-04 14:20:04.165root 11241100x80000000000000004280876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f03a95b9b2fa972022-01-04 14:20:04.165root 11241100x80000000000000004280877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6abfcf23993e2e2022-01-04 14:20:04.165root 23542300x80000000000000004280878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004280879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0a0d9061872ae72022-01-04 14:20:04.460root 11241100x80000000000000004280880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f01dde87a7cc0a62022-01-04 14:20:04.460root 11241100x80000000000000004280881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb28bcc59510727a2022-01-04 14:20:04.460root 11241100x80000000000000004280882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be17e9bfbbcc58a2022-01-04 14:20:04.460root 11241100x80000000000000004280883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bdbc14ed0d9c552022-01-04 14:20:04.460root 11241100x80000000000000004280884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c187e411bbd8e62022-01-04 14:20:04.460root 11241100x80000000000000004280885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fb5483768bcee72022-01-04 14:20:04.460root 11241100x80000000000000004280886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cc34c03e9c75ac2022-01-04 14:20:04.460root 11241100x80000000000000004280887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b4d07e37e51aa32022-01-04 14:20:04.460root 11241100x80000000000000004280888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc6baab6ce4b762022-01-04 14:20:04.461root 11241100x80000000000000004280889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf6ae4b4dbd2de32022-01-04 14:20:04.461root 11241100x80000000000000004280890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd81c33b0ca262072022-01-04 14:20:04.461root 11241100x80000000000000004280891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e846ba5ca086a2022-01-04 14:20:04.461root 11241100x80000000000000004280892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402ee641d338afc42022-01-04 14:20:04.461root 11241100x80000000000000004280893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fbdcd7ac835a742022-01-04 14:20:04.461root 11241100x80000000000000004280894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07325803ae71fb92022-01-04 14:20:04.959root 11241100x80000000000000004280895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d1ddc92167af472022-01-04 14:20:04.960root 11241100x80000000000000004280896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f895e13fb00fa8092022-01-04 14:20:04.960root 11241100x80000000000000004280897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bdfffd2600a9752022-01-04 14:20:04.960root 11241100x80000000000000004280898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a843bed036bc87cb2022-01-04 14:20:04.960root 11241100x80000000000000004280899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863d5f2034eefd912022-01-04 14:20:04.960root 11241100x80000000000000004280900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff2f9c31853ac122022-01-04 14:20:04.960root 11241100x80000000000000004280901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a81578d411af4792022-01-04 14:20:04.960root 11241100x80000000000000004280902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3745d1dd147af59b2022-01-04 14:20:04.960root 11241100x80000000000000004280903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dd56c7d7d7316d2022-01-04 14:20:04.961root 11241100x80000000000000004280904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279f2d74ec08baa52022-01-04 14:20:04.961root 11241100x80000000000000004280905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73be0d38b9f3a9fd2022-01-04 14:20:04.961root 11241100x80000000000000004280906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664d18a8362dd4e92022-01-04 14:20:04.961root 11241100x80000000000000004280907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb681751c07ff6212022-01-04 14:20:04.961root 11241100x80000000000000004280908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e74e2c744689ffc2022-01-04 14:20:04.961root 11241100x80000000000000004280909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b115472b8d97d02022-01-04 14:20:05.460root 11241100x80000000000000004280910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50508e53483f95ce2022-01-04 14:20:05.460root 11241100x80000000000000004280911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf62e7690a6a316c2022-01-04 14:20:05.460root 11241100x80000000000000004280912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e06402125f0274c2022-01-04 14:20:05.460root 11241100x80000000000000004280913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f330d717e19788662022-01-04 14:20:05.460root 11241100x80000000000000004280914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7019e3e664437702022-01-04 14:20:05.460root 11241100x80000000000000004280915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413745288f2aba742022-01-04 14:20:05.460root 11241100x80000000000000004280916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca3cac7eb898fda2022-01-04 14:20:05.460root 11241100x80000000000000004280917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d765d6ed1ddfc9462022-01-04 14:20:05.461root 11241100x80000000000000004280918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b879dd063a4d9a612022-01-04 14:20:05.461root 11241100x80000000000000004280919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0d27de2dd7ad742022-01-04 14:20:05.461root 11241100x80000000000000004280920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882c814aa7a687c62022-01-04 14:20:05.461root 11241100x80000000000000004280921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e93b79a5da7590b2022-01-04 14:20:05.461root 11241100x80000000000000004280922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f999c5cb4d5254c32022-01-04 14:20:05.461root 11241100x80000000000000004280923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa7f6e55e444db72022-01-04 14:20:05.461root 11241100x80000000000000004280924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0ba9ae4de6b3d22022-01-04 14:20:05.960root 11241100x80000000000000004280925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1d661cc5cfbfb2022-01-04 14:20:05.960root 11241100x80000000000000004280926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e7aca0186e5482022-01-04 14:20:05.960root 11241100x80000000000000004280927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d446ef4ef7cbc92022-01-04 14:20:05.960root 11241100x80000000000000004280928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66ab681f774fb52022-01-04 14:20:05.960root 11241100x80000000000000004280929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab1ff35e51b15702022-01-04 14:20:05.960root 11241100x80000000000000004280930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f014ab6b6a9c01dc2022-01-04 14:20:05.960root 11241100x80000000000000004280931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52caaf0488793e32022-01-04 14:20:05.960root 11241100x80000000000000004280932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc1f9b1b9559e862022-01-04 14:20:05.960root 11241100x80000000000000004280933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6492d457d1f1f2f72022-01-04 14:20:05.960root 11241100x80000000000000004280934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d653ce3d2e321552022-01-04 14:20:05.960root 11241100x80000000000000004280935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a789d88e424e2d32022-01-04 14:20:05.960root 11241100x80000000000000004280936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7852e2fef31ead8b2022-01-04 14:20:05.961root 11241100x80000000000000004280937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141126136f36a5492022-01-04 14:20:05.961root 11241100x80000000000000004280938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae330075538a5fe92022-01-04 14:20:05.961root 11241100x80000000000000004280939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cdd0cfaa2000572022-01-04 14:20:06.459root 11241100x80000000000000004280940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f1b0a34f3505582022-01-04 14:20:06.460root 11241100x80000000000000004280941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dbabc6bc6c1c022022-01-04 14:20:06.460root 11241100x80000000000000004280942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca4dd21d6bce3482022-01-04 14:20:06.460root 11241100x80000000000000004280943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8742ff68e9c78c12022-01-04 14:20:06.460root 11241100x80000000000000004280944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a2bbd1b12b57fc2022-01-04 14:20:06.460root 11241100x80000000000000004280945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfcb0093a4c089e2022-01-04 14:20:06.460root 11241100x80000000000000004280946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc17a773a62bbf02022-01-04 14:20:06.460root 11241100x80000000000000004280947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0867e4d6691fa68e2022-01-04 14:20:06.460root 11241100x80000000000000004280948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfe379049bdc05e2022-01-04 14:20:06.460root 11241100x80000000000000004280949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75a90b849d703ff2022-01-04 14:20:06.461root 11241100x80000000000000004280950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2868f9b47bf908232022-01-04 14:20:06.461root 11241100x80000000000000004280951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484785336c181de72022-01-04 14:20:06.461root 11241100x80000000000000004280952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdca361e64231eee2022-01-04 14:20:06.461root 11241100x80000000000000004280953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db198f98e83dae4e2022-01-04 14:20:06.461root 154100x80000000000000004280954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.855{ec2e79f3-5796-61d4-6874-315d0a560000}14993/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000004280955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9252252ddba3c2022-01-04 14:20:06.856root 11241100x80000000000000004280956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d293ae1a075b70d12022-01-04 14:20:06.856root 11241100x80000000000000004280957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d099590e2f785742022-01-04 14:20:06.856root 11241100x80000000000000004280958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be622d3265614b22022-01-04 14:20:06.856root 11241100x80000000000000004280959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0faf4a4d9192c62022-01-04 14:20:06.856root 11241100x80000000000000004280960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad168a0bc06b23b2022-01-04 14:20:06.856root 11241100x80000000000000004280961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a77a18d160b4732022-01-04 14:20:06.856root 11241100x80000000000000004280962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f859f89f4a448b7f2022-01-04 14:20:06.857root 11241100x80000000000000004280963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ecc214f12516ea2022-01-04 14:20:06.857root 11241100x80000000000000004280964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637f972447858ab42022-01-04 14:20:06.857root 11241100x80000000000000004280965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcc21c2f42207e02022-01-04 14:20:06.857root 11241100x80000000000000004280966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98b11b066c0bbd22022-01-04 14:20:06.857root 11241100x80000000000000004280967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d7bc111621c0572022-01-04 14:20:06.857root 11241100x80000000000000004280968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be863d4efc40c2982022-01-04 14:20:06.857root 11241100x80000000000000004280969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813a156a841d24cb2022-01-04 14:20:06.857root 11241100x80000000000000004280970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a5542ff603a7342022-01-04 14:20:06.857root 534500x80000000000000004280971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.868{ec2e79f3-5796-61d4-6874-315d0a560000}14993/bin/psroot 11241100x80000000000000004280972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22d70f85b1b9b742022-01-04 14:20:07.209root 11241100x80000000000000004280973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77345669c5aeadbe2022-01-04 14:20:07.209root 11241100x80000000000000004280974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883ef20b80fe4a2a2022-01-04 14:20:07.209root 11241100x80000000000000004280975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e222ffdccdcfdf5a2022-01-04 14:20:07.209root 11241100x80000000000000004280976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b862bf06d6238b872022-01-04 14:20:07.210root 11241100x80000000000000004280977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994ae701fb7501cb2022-01-04 14:20:07.210root 11241100x80000000000000004280978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06685a06f94766632022-01-04 14:20:07.210root 11241100x80000000000000004280979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c051f28ea415d2022-01-04 14:20:07.210root 11241100x80000000000000004280980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66073a2f75dc7a92022-01-04 14:20:07.210root 11241100x80000000000000004280981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe3b8531a93aab2022-01-04 14:20:07.210root 11241100x80000000000000004280982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2c156108bf8da82022-01-04 14:20:07.210root 11241100x80000000000000004280983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434b3df695502d3e2022-01-04 14:20:07.210root 11241100x80000000000000004280984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f92ec7447d222b62022-01-04 14:20:07.210root 11241100x80000000000000004280985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb882d91f37544b2022-01-04 14:20:07.210root 11241100x80000000000000004280986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39070879e30d19d82022-01-04 14:20:07.210root 11241100x80000000000000004280987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2c3f2ebabc434d2022-01-04 14:20:07.210root 11241100x80000000000000004280988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3631f1b92e68df12022-01-04 14:20:07.210root 11241100x80000000000000004280989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31424d95e1efaba92022-01-04 14:20:07.710root 11241100x80000000000000004280990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f678f8ac56b99092022-01-04 14:20:07.710root 11241100x80000000000000004280991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7266f7ec61623c282022-01-04 14:20:07.711root 11241100x80000000000000004280992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de42765e1b5fd712022-01-04 14:20:07.711root 11241100x80000000000000004280993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b5bfe8a9a59d562022-01-04 14:20:07.711root 11241100x80000000000000004280994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa3f50bb3db7c4e2022-01-04 14:20:07.711root 11241100x80000000000000004280995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82204381215963f42022-01-04 14:20:07.712root 11241100x80000000000000004280996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54acdaf50446645a2022-01-04 14:20:07.712root 11241100x80000000000000004280997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7db407174b3fcde2022-01-04 14:20:07.712root 11241100x80000000000000004280998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384c68a8b076e1e72022-01-04 14:20:07.712root 11241100x80000000000000004280999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbfd90c55314a532022-01-04 14:20:07.712root 11241100x80000000000000004281000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e044f1753a64222022-01-04 14:20:07.712root 11241100x80000000000000004281001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bebb65fd6a527f2022-01-04 14:20:07.712root 11241100x80000000000000004281002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb1f9de4eb022832022-01-04 14:20:07.712root 11241100x80000000000000004281003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba2b91b53099cf92022-01-04 14:20:07.712root 11241100x80000000000000004281004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0035bdcb7f425a192022-01-04 14:20:07.712root 11241100x80000000000000004281005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874aac389baa9a6d2022-01-04 14:20:07.712root 11241100x80000000000000004281006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10effd57c737d1162022-01-04 14:20:08.210root 11241100x80000000000000004281007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce45188dff900402022-01-04 14:20:08.210root 11241100x80000000000000004281008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2df0079896217522022-01-04 14:20:08.210root 11241100x80000000000000004281009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ebc812e12a74a22022-01-04 14:20:08.210root 11241100x80000000000000004281010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7acfc69ed00e6b2022-01-04 14:20:08.210root 11241100x80000000000000004281011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0502f53ece0d3c902022-01-04 14:20:08.210root 11241100x80000000000000004281012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813d6e030e08378d2022-01-04 14:20:08.210root 11241100x80000000000000004281013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b6077e7dc54c802022-01-04 14:20:08.210root 11241100x80000000000000004281014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d34f69daf0452e62022-01-04 14:20:08.210root 11241100x80000000000000004281015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be35059edaf01282022-01-04 14:20:08.210root 11241100x80000000000000004281016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e85135da9e6dbf2022-01-04 14:20:08.210root 11241100x80000000000000004281017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574e9b05d714f3c42022-01-04 14:20:08.210root 11241100x80000000000000004281018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b49eae347bc90f2022-01-04 14:20:08.210root 11241100x80000000000000004281019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb7bb3e0b3037812022-01-04 14:20:08.210root 11241100x80000000000000004281020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c0cbbc4c45fd9d2022-01-04 14:20:08.211root 11241100x80000000000000004281021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6f741bdbced7ab2022-01-04 14:20:08.211root 11241100x80000000000000004281022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cd35bec7d84e892022-01-04 14:20:08.211root 11241100x80000000000000004281023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4022666c6d0bcb2022-01-04 14:20:08.709root 11241100x80000000000000004281024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c772a140edb5264a2022-01-04 14:20:08.709root 11241100x80000000000000004281025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a59a2fbbc743fb2022-01-04 14:20:08.710root 11241100x80000000000000004281026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec14e3503b11209c2022-01-04 14:20:08.710root 11241100x80000000000000004281027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b51e1ffb359bcb2022-01-04 14:20:08.710root 11241100x80000000000000004281028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5268938a1ac3a992022-01-04 14:20:08.710root 11241100x80000000000000004281029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3bbc51d287c06f2022-01-04 14:20:08.710root 11241100x80000000000000004281030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce08a22223f72a472022-01-04 14:20:08.710root 11241100x80000000000000004281031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc75aba029148fe02022-01-04 14:20:08.710root 11241100x80000000000000004281032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99475fa76f27fbac2022-01-04 14:20:08.710root 11241100x80000000000000004281033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f952642736d3be252022-01-04 14:20:08.710root 11241100x80000000000000004281034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dae666ef430cdb2022-01-04 14:20:08.710root 11241100x80000000000000004281035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35dffe1dfcfe06e2022-01-04 14:20:08.710root 11241100x80000000000000004281036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837c40b8fa021e3b2022-01-04 14:20:08.710root 11241100x80000000000000004281037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed653f57b75cae72022-01-04 14:20:08.710root 11241100x80000000000000004281038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b52b0243e4755c2022-01-04 14:20:08.711root 11241100x80000000000000004281039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeed266acfec91242022-01-04 14:20:08.711root 11241100x80000000000000004281040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ecacc10962db092022-01-04 14:20:09.209root 11241100x80000000000000004281041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc29ab8efbe933582022-01-04 14:20:09.209root 11241100x80000000000000004281042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf59dc40663528ec2022-01-04 14:20:09.209root 11241100x80000000000000004281043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257c3c0dc54f4b4f2022-01-04 14:20:09.210root 11241100x80000000000000004281044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9897dfa97855132022-01-04 14:20:09.210root 11241100x80000000000000004281045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c4724344a4d4ca2022-01-04 14:20:09.210root 11241100x80000000000000004281046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afdf1ff2496124c2022-01-04 14:20:09.210root 11241100x80000000000000004281047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f58aa308b3bcea2022-01-04 14:20:09.210root 11241100x80000000000000004281048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9c7d6f12f073362022-01-04 14:20:09.210root 11241100x80000000000000004281049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594aa481329d01852022-01-04 14:20:09.210root 11241100x80000000000000004281050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc184014fcd1b1d2022-01-04 14:20:09.210root 11241100x80000000000000004281051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839699e35885bf1a2022-01-04 14:20:09.210root 11241100x80000000000000004281052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9914e849a5fd8422022-01-04 14:20:09.210root 11241100x80000000000000004281053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fea1b18606b4fa2022-01-04 14:20:09.210root 11241100x80000000000000004281054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7faa56b2308db252022-01-04 14:20:09.210root 11241100x80000000000000004281055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c057ebf1bd208e872022-01-04 14:20:09.210root 11241100x80000000000000004281056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8659ff67b2d20be02022-01-04 14:20:09.211root 11241100x80000000000000004281057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3a06e9920639c02022-01-04 14:20:09.710root 11241100x80000000000000004281058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c761e713be69142022-01-04 14:20:09.710root 11241100x80000000000000004281059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ba0511fee3d4a82022-01-04 14:20:09.710root 11241100x80000000000000004281060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7df8789fb6d55552022-01-04 14:20:09.710root 11241100x80000000000000004281061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fec3d028fc31d72022-01-04 14:20:09.710root 11241100x80000000000000004281062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0defdb101b622a72022-01-04 14:20:09.710root 11241100x80000000000000004281063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fc8bcfc99050fe2022-01-04 14:20:09.710root 11241100x80000000000000004281064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e01e4d4b8fcfa2022-01-04 14:20:09.711root 11241100x80000000000000004281065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f44bda77ea2bea2022-01-04 14:20:09.711root 11241100x80000000000000004281066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47533f95100362d82022-01-04 14:20:09.711root 11241100x80000000000000004281067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075dea1dfa3418eb2022-01-04 14:20:09.711root 11241100x80000000000000004281068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0327ccc409df89372022-01-04 14:20:09.711root 11241100x80000000000000004281069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6057010475109a8e2022-01-04 14:20:09.711root 11241100x80000000000000004281070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc351a47b85be08d2022-01-04 14:20:09.711root 11241100x80000000000000004281071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61e2ea75a7f989b2022-01-04 14:20:09.712root 11241100x80000000000000004281072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd3f004bd051e1c2022-01-04 14:20:09.712root 11241100x80000000000000004281073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93728dd857ce55a92022-01-04 14:20:09.712root 354300x80000000000000004281074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.122{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41544-false10.0.1.12-8000- 11241100x80000000000000004281075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f1dae105e165a22022-01-04 14:20:10.123root 11241100x80000000000000004281076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf474877ddc138592022-01-04 14:20:10.123root 11241100x80000000000000004281077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6280cac9f180489b2022-01-04 14:20:10.123root 11241100x80000000000000004281078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a408785351ceefc2022-01-04 14:20:10.123root 11241100x80000000000000004281079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effd1cd5457b50462022-01-04 14:20:10.123root 11241100x80000000000000004281080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb4ec3fbe435d72022-01-04 14:20:10.123root 11241100x80000000000000004281081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c472f4119dd5c442022-01-04 14:20:10.123root 11241100x80000000000000004281082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1662fbfc2b1c6a702022-01-04 14:20:10.123root 11241100x80000000000000004281083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec91ecdcaa94cd812022-01-04 14:20:10.123root 11241100x80000000000000004281084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a90d253caf6132022-01-04 14:20:10.123root 11241100x80000000000000004281085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cf15be73bced0f2022-01-04 14:20:10.123root 11241100x80000000000000004281086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1e5e4de1e0b4f02022-01-04 14:20:10.124root 11241100x80000000000000004281087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4f5d08ad50612d2022-01-04 14:20:10.124root 11241100x80000000000000004281088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bd65b6e6bb8dc42022-01-04 14:20:10.124root 11241100x80000000000000004281089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859abc048bd139d42022-01-04 14:20:10.124root 11241100x80000000000000004281090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1874d7bc9945da8a2022-01-04 14:20:10.124root 11241100x80000000000000004281091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb08791825e799a2022-01-04 14:20:10.124root 11241100x80000000000000004281092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b76682c09c5a70d2022-01-04 14:20:10.124root 11241100x80000000000000004281093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165e8a07026c58f02022-01-04 14:20:10.124root 11241100x80000000000000004281094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2ebcfb9a502e972022-01-04 14:20:10.124root 11241100x80000000000000004281095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f83e66844bce4a2022-01-04 14:20:10.124root 11241100x80000000000000004281096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75266289b2522242022-01-04 14:20:10.459root 11241100x80000000000000004281097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c94220e12e39b3e2022-01-04 14:20:10.459root 11241100x80000000000000004281098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3014da4ef0acfe72022-01-04 14:20:10.459root 11241100x80000000000000004281099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc7657afff9753a2022-01-04 14:20:10.459root 11241100x80000000000000004281100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f21ccbb0f62b942022-01-04 14:20:10.459root 11241100x80000000000000004281101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785a8964fc765a192022-01-04 14:20:10.459root 11241100x80000000000000004281102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532fba5ac5e3c1652022-01-04 14:20:10.459root 11241100x80000000000000004281103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc0f44098a25dbe2022-01-04 14:20:10.460root 11241100x80000000000000004281104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8133d6113ce9d142022-01-04 14:20:10.460root 11241100x80000000000000004281105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c35b2f19de75f72022-01-04 14:20:10.460root 11241100x80000000000000004281106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acc289d165c681b2022-01-04 14:20:10.460root 11241100x80000000000000004281107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a59e6ea618dbeb62022-01-04 14:20:10.460root 11241100x80000000000000004281108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f3b3028b4c50b82022-01-04 14:20:10.460root 11241100x80000000000000004281109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b18946ef5125422022-01-04 14:20:10.460root 11241100x80000000000000004281110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ffc6006df33d3a2022-01-04 14:20:10.460root 11241100x80000000000000004281111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391060107faa98592022-01-04 14:20:10.460root 11241100x80000000000000004281112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c3e571e5ece2482022-01-04 14:20:10.460root 11241100x80000000000000004281113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cb926ddfadc1e42022-01-04 14:20:10.460root 11241100x80000000000000004281114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5f311deddc96062022-01-04 14:20:10.959root 11241100x80000000000000004281115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed668dbf569dea6f2022-01-04 14:20:10.960root 11241100x80000000000000004281116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f131a2e5ac2f9cef2022-01-04 14:20:10.960root 11241100x80000000000000004281117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3ff81367a28b272022-01-04 14:20:10.960root 11241100x80000000000000004281118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb14f10fdf4c9a0c2022-01-04 14:20:10.960root 11241100x80000000000000004281119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b74201ebb77970a2022-01-04 14:20:10.960root 11241100x80000000000000004281120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9fe1944eae24502022-01-04 14:20:10.960root 11241100x80000000000000004281121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b78440f21deab62022-01-04 14:20:10.960root 11241100x80000000000000004281122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15400337221f4632022-01-04 14:20:10.960root 11241100x80000000000000004281123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8a8272a9a6903a2022-01-04 14:20:10.961root 11241100x80000000000000004281124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9a8b9aafeca3be2022-01-04 14:20:10.961root 11241100x80000000000000004281125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c26d105987e21c2022-01-04 14:20:10.961root 11241100x80000000000000004281126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee6776c5bb05fd02022-01-04 14:20:10.961root 11241100x80000000000000004281127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38735a3554973feb2022-01-04 14:20:10.961root 11241100x80000000000000004281128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bf73163f9af1e22022-01-04 14:20:10.961root 11241100x80000000000000004281129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfac2dd1bc029d72022-01-04 14:20:10.961root 11241100x80000000000000004281130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa6bbaec0a565022022-01-04 14:20:10.961root 11241100x80000000000000004281131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c21c2e7d1208ce12022-01-04 14:20:10.962root 11241100x80000000000000004281132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2fe5302f6a759d2022-01-04 14:20:11.460root 11241100x80000000000000004281133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd8a3ebab4b41702022-01-04 14:20:11.460root 11241100x80000000000000004281134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad6833c0668a3c2022-01-04 14:20:11.460root 11241100x80000000000000004281135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610b022dbe93d8e52022-01-04 14:20:11.460root 11241100x80000000000000004281136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca215bec6941de962022-01-04 14:20:11.460root 11241100x80000000000000004281137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6821c241c832e95d2022-01-04 14:20:11.460root 11241100x80000000000000004281138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8888d8df2720cfd12022-01-04 14:20:11.460root 11241100x80000000000000004281139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80449242b1093c1c2022-01-04 14:20:11.460root 11241100x80000000000000004281140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c05f6f6419ea22022-01-04 14:20:11.460root 11241100x80000000000000004281141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0887660daa38a2022-01-04 14:20:11.460root 11241100x80000000000000004281142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5851d92699a20c5b2022-01-04 14:20:11.460root 11241100x80000000000000004281143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7f8328ca6ddd592022-01-04 14:20:11.461root 11241100x80000000000000004281144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8de06e43fe3e0912022-01-04 14:20:11.461root 11241100x80000000000000004281145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadc45bf4b0755c32022-01-04 14:20:11.461root 11241100x80000000000000004281146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f4133c325835b12022-01-04 14:20:11.461root 11241100x80000000000000004281147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f867f2f27d79a42022-01-04 14:20:11.461root 11241100x80000000000000004281148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b165a87b41f3fa2022-01-04 14:20:11.461root 11241100x80000000000000004281149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3005dd6e7455e02022-01-04 14:20:11.461root 11241100x80000000000000004281150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a145c5630a1b1d2022-01-04 14:20:11.959root 11241100x80000000000000004281151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65430385c35441a22022-01-04 14:20:11.959root 11241100x80000000000000004281152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a623d98285f474d22022-01-04 14:20:11.959root 11241100x80000000000000004281153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea7bcf309e33af42022-01-04 14:20:11.959root 11241100x80000000000000004281154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5896afce7a9c4c2022-01-04 14:20:11.960root 11241100x80000000000000004281155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d69baeaeeb565412022-01-04 14:20:11.960root 11241100x80000000000000004281156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6b4104aa8455f72022-01-04 14:20:11.960root 11241100x80000000000000004281157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b014fe5b741066ce2022-01-04 14:20:11.960root 11241100x80000000000000004281158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a229ec6d2ba93f102022-01-04 14:20:11.960root 11241100x80000000000000004281159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd49b6d9ffe2ead2022-01-04 14:20:11.960root 11241100x80000000000000004281160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306f58c155279c32022-01-04 14:20:11.960root 11241100x80000000000000004281161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f977d700d52a042022-01-04 14:20:11.960root 11241100x80000000000000004281162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ddefa1da243ca32022-01-04 14:20:11.961root 11241100x80000000000000004281163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eccec8346c1837d2022-01-04 14:20:11.961root 11241100x80000000000000004281164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72754e70377585152022-01-04 14:20:11.961root 11241100x80000000000000004281165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcc35bc99dceab02022-01-04 14:20:11.961root 11241100x80000000000000004281166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b4371b78d7385e2022-01-04 14:20:11.961root 11241100x80000000000000004281167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04600f8a646d44f2022-01-04 14:20:11.961root 11241100x80000000000000004281168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140efc9352531bea2022-01-04 14:20:12.460root 11241100x80000000000000004281169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c08e6ef2f3bb162022-01-04 14:20:12.460root 11241100x80000000000000004281170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e986935511d0847a2022-01-04 14:20:12.460root 11241100x80000000000000004281171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8d807aeb5956b02022-01-04 14:20:12.460root 11241100x80000000000000004281172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb93a66d622b9402022-01-04 14:20:12.460root 11241100x80000000000000004281173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751009ba00ddab362022-01-04 14:20:12.461root 11241100x80000000000000004281174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa5116f742a09132022-01-04 14:20:12.461root 11241100x80000000000000004281175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a12ac6983b44b82022-01-04 14:20:12.461root 11241100x80000000000000004281176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c80bfed77b2e8fb2022-01-04 14:20:12.462root 11241100x80000000000000004281177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7af8026b44b0f42022-01-04 14:20:12.462root 11241100x80000000000000004281178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c94f7f1d5a81a8c2022-01-04 14:20:12.462root 11241100x80000000000000004281179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21edb8bb5069f4632022-01-04 14:20:12.462root 11241100x80000000000000004281180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5e20e6334065fa2022-01-04 14:20:12.462root 11241100x80000000000000004281181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5371e311a7dbe3342022-01-04 14:20:12.463root 11241100x80000000000000004281182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1327e51eec94162022-01-04 14:20:12.463root 11241100x80000000000000004281183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa9fc8d868eec362022-01-04 14:20:12.463root 11241100x80000000000000004281184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b15f707b891cbd32022-01-04 14:20:12.463root 11241100x80000000000000004281185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c2f00bed6693b42022-01-04 14:20:12.463root 11241100x80000000000000004281186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab69f160df73a7a2022-01-04 14:20:12.960root 11241100x80000000000000004281187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c175104f8e77e22022-01-04 14:20:12.960root 11241100x80000000000000004281188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4565d83ca8e0aea52022-01-04 14:20:12.960root 11241100x80000000000000004281189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299ec00d6e3ec2082022-01-04 14:20:12.960root 11241100x80000000000000004281190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191cda580a15a83a2022-01-04 14:20:12.960root 11241100x80000000000000004281191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853c249327f3cbb72022-01-04 14:20:12.960root 11241100x80000000000000004281192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae14fc64e5f1ac702022-01-04 14:20:12.960root 11241100x80000000000000004281193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2591b23cd970c22022-01-04 14:20:12.960root 11241100x80000000000000004281194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6cc5afd87d8a682022-01-04 14:20:12.961root 11241100x80000000000000004281195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ebf8e82a190f792022-01-04 14:20:12.961root 11241100x80000000000000004281196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1254f93b92979e42022-01-04 14:20:12.961root 11241100x80000000000000004281197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdcdc0ddd242ef42022-01-04 14:20:12.961root 11241100x80000000000000004281198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02f9d197659e8a62022-01-04 14:20:12.961root 11241100x80000000000000004281199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeb2682acea6c022022-01-04 14:20:12.961root 11241100x80000000000000004281200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9b6727befdd4412022-01-04 14:20:12.961root 11241100x80000000000000004281201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536f4ef73d41a8712022-01-04 14:20:12.961root 11241100x80000000000000004281202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a47b6d9937dd2be2022-01-04 14:20:12.961root 11241100x80000000000000004281203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5d0734a7f194e42022-01-04 14:20:12.961root 11241100x80000000000000004281204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ceed1b3cd5d7332022-01-04 14:20:13.459root 11241100x80000000000000004281205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfa45b22a7c37aa2022-01-04 14:20:13.459root 11241100x80000000000000004281206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c150d6a0be44185d2022-01-04 14:20:13.459root 11241100x80000000000000004281207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812b10befc41495c2022-01-04 14:20:13.459root 11241100x80000000000000004281208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e6c3a7ded5c81d2022-01-04 14:20:13.459root 11241100x80000000000000004281209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9cbc4108394af42022-01-04 14:20:13.460root 11241100x80000000000000004281210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83ef56083729f1b2022-01-04 14:20:13.460root 11241100x80000000000000004281211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef5f607fb62b33c2022-01-04 14:20:13.460root 11241100x80000000000000004281212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbb7908414e0e622022-01-04 14:20:13.460root 11241100x80000000000000004281213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96136c9e35b2a2fd2022-01-04 14:20:13.460root 11241100x80000000000000004281214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ec4b50d95c076d2022-01-04 14:20:13.460root 11241100x80000000000000004281215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a059947cfc98c1f42022-01-04 14:20:13.460root 11241100x80000000000000004281216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3ef7a4856dbe842022-01-04 14:20:13.460root 11241100x80000000000000004281217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87688c2add5a6d82022-01-04 14:20:13.460root 11241100x80000000000000004281218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24527e17dbd1ddf92022-01-04 14:20:13.460root 11241100x80000000000000004281219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e1e14502de83f12022-01-04 14:20:13.461root 11241100x80000000000000004281220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a834ffff8581d562022-01-04 14:20:13.461root 11241100x80000000000000004281221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a9fbc2328fdaec2022-01-04 14:20:13.461root 11241100x80000000000000004281222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eb31a47f0b185a2022-01-04 14:20:13.960root 11241100x80000000000000004281223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6a7d8430de3c372022-01-04 14:20:13.960root 11241100x80000000000000004281224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1419844188879d2022-01-04 14:20:13.960root 11241100x80000000000000004281225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7b06b3fc5a611a2022-01-04 14:20:13.960root 11241100x80000000000000004281226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dc835a679d73852022-01-04 14:20:13.960root 11241100x80000000000000004281227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47ef783835e94552022-01-04 14:20:13.960root 11241100x80000000000000004281228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bd54b79a14518f2022-01-04 14:20:13.960root 11241100x80000000000000004281229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66ed9a9f86ae6d72022-01-04 14:20:13.960root 11241100x80000000000000004281230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03d663dec6640422022-01-04 14:20:13.961root 11241100x80000000000000004281231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d121664869bb202022-01-04 14:20:13.961root 11241100x80000000000000004281232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f98ec56e0901ce2022-01-04 14:20:13.961root 11241100x80000000000000004281233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49f33811e8cbc3d2022-01-04 14:20:13.961root 11241100x80000000000000004281234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d969ace94a6941772022-01-04 14:20:13.961root 11241100x80000000000000004281235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520b7c3c98912c922022-01-04 14:20:13.961root 11241100x80000000000000004281236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2fb3ce6829d362022-01-04 14:20:13.961root 11241100x80000000000000004281237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f63da3bbaa2adc2022-01-04 14:20:13.961root 11241100x80000000000000004281238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c722bbe20188ceac2022-01-04 14:20:13.962root 11241100x80000000000000004281239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4146fad9c51a34892022-01-04 14:20:13.962root 11241100x80000000000000004281240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d311cf6ef9362d2022-01-04 14:20:14.460root 11241100x80000000000000004281241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7660e6b9f8e6272022-01-04 14:20:14.460root 11241100x80000000000000004281242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dc2f30ede92a122022-01-04 14:20:14.460root 11241100x80000000000000004281243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0decbb554f96b12022-01-04 14:20:14.460root 11241100x80000000000000004281244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eefbf8feff275c32022-01-04 14:20:14.460root 11241100x80000000000000004281245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1eab6fd8dcf5362022-01-04 14:20:14.460root 11241100x80000000000000004281246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6307537d256c76b62022-01-04 14:20:14.460root 11241100x80000000000000004281247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec32aa5f75c145f42022-01-04 14:20:14.460root 11241100x80000000000000004281248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2524895548d98bf2022-01-04 14:20:14.460root 11241100x80000000000000004281249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371a797cf3af3e832022-01-04 14:20:14.460root 11241100x80000000000000004281250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5180d21f755652022-01-04 14:20:14.461root 11241100x80000000000000004281251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946b55f3293a23092022-01-04 14:20:14.461root 11241100x80000000000000004281252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe8687c859f212c2022-01-04 14:20:14.461root 11241100x80000000000000004281253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c3a12f9142f38e2022-01-04 14:20:14.461root 11241100x80000000000000004281254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b831ebce6dcf8a02022-01-04 14:20:14.461root 11241100x80000000000000004281255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bdb24277093c142022-01-04 14:20:14.461root 11241100x80000000000000004281256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ab830ca2e646bb2022-01-04 14:20:14.461root 11241100x80000000000000004281257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e60ebc2e8a0ee512022-01-04 14:20:14.461root 11241100x80000000000000004281258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f16d6f1b9604002022-01-04 14:20:14.960root 11241100x80000000000000004281259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c36faeb334a3af2022-01-04 14:20:14.960root 11241100x80000000000000004281260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb21da9fb0857a112022-01-04 14:20:14.960root 11241100x80000000000000004281261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2146a451b08d10a52022-01-04 14:20:14.960root 11241100x80000000000000004281262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd1c2d0c58421082022-01-04 14:20:14.960root 11241100x80000000000000004281263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fbc7fa270ab8e02022-01-04 14:20:14.960root 11241100x80000000000000004281264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739285cf439d437b2022-01-04 14:20:14.960root 11241100x80000000000000004281265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1297b71fe3c2da12022-01-04 14:20:14.960root 11241100x80000000000000004281266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06050c449a081b572022-01-04 14:20:14.960root 11241100x80000000000000004281267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bf4c9028f8d7902022-01-04 14:20:14.960root 11241100x80000000000000004281268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68b748134a0f0602022-01-04 14:20:14.961root 11241100x80000000000000004281269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af07dc01a818206e2022-01-04 14:20:14.961root 11241100x80000000000000004281270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddfdf431f1ac7842022-01-04 14:20:14.961root 11241100x80000000000000004281271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9985157521df97fb2022-01-04 14:20:14.961root 11241100x80000000000000004281272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c30386c8d23b422022-01-04 14:20:14.961root 11241100x80000000000000004281273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaa292baa1cc3112022-01-04 14:20:14.961root 11241100x80000000000000004281274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88024ffcf7b33a7e2022-01-04 14:20:14.961root 11241100x80000000000000004281275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36886f561cc8e1e62022-01-04 14:20:14.961root 354300x80000000000000004281276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.229{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41546-false10.0.1.12-8000- 11241100x80000000000000004281277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c4db76062045a42022-01-04 14:20:15.230root 11241100x80000000000000004281278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51049a76ed9f63742022-01-04 14:20:15.231root 11241100x80000000000000004281279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0804847b33b486802022-01-04 14:20:15.231root 11241100x80000000000000004281280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f383c16627f6092022-01-04 14:20:15.231root 11241100x80000000000000004281281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea164212f5474a5a2022-01-04 14:20:15.231root 11241100x80000000000000004281282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e251b55bfe2a162022-01-04 14:20:15.231root 11241100x80000000000000004281283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6114c7a1115d41662022-01-04 14:20:15.231root 11241100x80000000000000004281284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0092619d5e0cf5c22022-01-04 14:20:15.231root 11241100x80000000000000004281285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a413c52028594c02022-01-04 14:20:15.232root 11241100x80000000000000004281286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c052dec2027fb0ef2022-01-04 14:20:15.232root 11241100x80000000000000004281287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7df1fefa163a0d2022-01-04 14:20:15.232root 11241100x80000000000000004281288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f957feb2087bf6922022-01-04 14:20:15.232root 11241100x80000000000000004281289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397a85020c5437322022-01-04 14:20:15.232root 11241100x80000000000000004281290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b74f6c5e7365ab2022-01-04 14:20:15.232root 11241100x80000000000000004281291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25625e14c04a93e2022-01-04 14:20:15.232root 11241100x80000000000000004281292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e4c78f07e99012022-01-04 14:20:15.232root 11241100x80000000000000004281293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720d7f8c8aac59082022-01-04 14:20:15.232root 11241100x80000000000000004281294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11e8c2dd5cf84fb2022-01-04 14:20:15.232root 11241100x80000000000000004281295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9245194d3b48762022-01-04 14:20:15.232root 11241100x80000000000000004281296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e61f6921cecbf5c2022-01-04 14:20:15.709root 11241100x80000000000000004281297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9813b3b8999559762022-01-04 14:20:15.710root 11241100x80000000000000004281298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959cc179465378bf2022-01-04 14:20:15.710root 11241100x80000000000000004281299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bddb15f6fbb07a2022-01-04 14:20:15.711root 11241100x80000000000000004281300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888ad09fc34757d2022-01-04 14:20:15.711root 11241100x80000000000000004281301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b772c20e8d4d2372022-01-04 14:20:15.711root 11241100x80000000000000004281302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad71f2d971f10252022-01-04 14:20:15.711root 11241100x80000000000000004281303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12efae999528824b2022-01-04 14:20:15.711root 11241100x80000000000000004281304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d1d99ebfebb3dd2022-01-04 14:20:15.711root 11241100x80000000000000004281305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea264dca87e7a7e2022-01-04 14:20:15.711root 11241100x80000000000000004281306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876aa5cb5af391762022-01-04 14:20:15.711root 11241100x80000000000000004281307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38b1978e3face852022-01-04 14:20:15.711root 11241100x80000000000000004281308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deab6da54e1133b2022-01-04 14:20:15.712root 11241100x80000000000000004281309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2d44014524afb22022-01-04 14:20:15.712root 11241100x80000000000000004281310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1530ba96a337b94c2022-01-04 14:20:15.712root 11241100x80000000000000004281311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cac89b420ee65962022-01-04 14:20:15.712root 11241100x80000000000000004281312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b6b80dcba09bb72022-01-04 14:20:15.712root 11241100x80000000000000004281313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7662f1e297e3e62022-01-04 14:20:15.713root 11241100x80000000000000004281314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840f4fd7f9375292022-01-04 14:20:15.713root 11241100x80000000000000004281315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a368d54577f3f1c12022-01-04 14:20:16.210root 11241100x80000000000000004281316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c65de6eb549aa452022-01-04 14:20:16.210root 11241100x80000000000000004281317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1649089fd0d0a97a2022-01-04 14:20:16.210root 11241100x80000000000000004281318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9519e32d4cffad0e2022-01-04 14:20:16.210root 11241100x80000000000000004281319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaf4e9007f5da882022-01-04 14:20:16.210root 11241100x80000000000000004281320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aced5f974bd31362022-01-04 14:20:16.210root 11241100x80000000000000004281321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bcc5da2e4f68652022-01-04 14:20:16.210root 11241100x80000000000000004281322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d171f05ef9cab22022-01-04 14:20:16.210root 11241100x80000000000000004281323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05926851ffd66a772022-01-04 14:20:16.210root 11241100x80000000000000004281324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d9a3a7a46f3fa62022-01-04 14:20:16.210root 11241100x80000000000000004281325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a446c21ae01feeff2022-01-04 14:20:16.210root 11241100x80000000000000004281326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd881c12775d5412022-01-04 14:20:16.210root 11241100x80000000000000004281327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6df1de3c6652e22022-01-04 14:20:16.210root 11241100x80000000000000004281328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a826bf519af617222022-01-04 14:20:16.210root 11241100x80000000000000004281329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892da538fbe001a72022-01-04 14:20:16.211root 11241100x80000000000000004281330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8e2f4479983aed2022-01-04 14:20:16.211root 11241100x80000000000000004281331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c6b2e5f74959f22022-01-04 14:20:16.211root 11241100x80000000000000004281332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc626c15d59728f2022-01-04 14:20:16.211root 11241100x80000000000000004281333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d173e3b20d89d39c2022-01-04 14:20:16.211root 11241100x80000000000000004281334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c3386155fbeb0b2022-01-04 14:20:16.710root 11241100x80000000000000004281335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce639d48e925de882022-01-04 14:20:16.710root 11241100x80000000000000004281336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5e0f6b76fddf6b2022-01-04 14:20:16.710root 11241100x80000000000000004281337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c594bc7b69774b2022-01-04 14:20:16.710root 11241100x80000000000000004281338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2696bd9600dfc19e2022-01-04 14:20:16.710root 11241100x80000000000000004281339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555e6fd1e2eb3dbe2022-01-04 14:20:16.710root 11241100x80000000000000004281340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32d2f71984e95eb2022-01-04 14:20:16.710root 11241100x80000000000000004281341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe31a23cd8b6cee2022-01-04 14:20:16.710root 11241100x80000000000000004281342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53b49b3369f647e2022-01-04 14:20:16.710root 11241100x80000000000000004281343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd85f48076fbb77e2022-01-04 14:20:16.710root 11241100x80000000000000004281344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d024791235fe0c8e2022-01-04 14:20:16.710root 11241100x80000000000000004281345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dd5dd4acf9c6dd2022-01-04 14:20:16.711root 11241100x80000000000000004281346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2809f50fa4739a932022-01-04 14:20:16.711root 11241100x80000000000000004281347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52620f46f35907aa2022-01-04 14:20:16.711root 11241100x80000000000000004281348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6124da73eac5cc92022-01-04 14:20:16.711root 11241100x80000000000000004281349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7219e837e026b852022-01-04 14:20:16.711root 11241100x80000000000000004281350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a80a2be1df5c7a2022-01-04 14:20:16.711root 11241100x80000000000000004281351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f19027ba09490bf2022-01-04 14:20:16.711root 11241100x80000000000000004281352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a22169bdadad1242022-01-04 14:20:16.711root 11241100x80000000000000004281353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7026a4be2d39232022-01-04 14:20:17.209root 11241100x80000000000000004281354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b1b62e5cd3a27f2022-01-04 14:20:17.209root 11241100x80000000000000004281355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513b5a51f64a2dfe2022-01-04 14:20:17.209root 11241100x80000000000000004281356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06070446a97b6a642022-01-04 14:20:17.209root 11241100x80000000000000004281357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3342ec2be89c27bf2022-01-04 14:20:17.209root 11241100x80000000000000004281358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30aece5a356fc722022-01-04 14:20:17.209root 11241100x80000000000000004281359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83d0dafce3030a52022-01-04 14:20:17.210root 11241100x80000000000000004281360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40ea771239f4e552022-01-04 14:20:17.210root 11241100x80000000000000004281361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9ab8373f89b4b72022-01-04 14:20:17.210root 11241100x80000000000000004281362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4749123b68e715752022-01-04 14:20:17.210root 11241100x80000000000000004281363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67ff105f5f6ca062022-01-04 14:20:17.210root 11241100x80000000000000004281364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ef47b9a7b0b1242022-01-04 14:20:17.210root 11241100x80000000000000004281365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10373dc962168eb22022-01-04 14:20:17.210root 11241100x80000000000000004281366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955af6d45997df242022-01-04 14:20:17.210root 11241100x80000000000000004281367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f4791c7478dfc02022-01-04 14:20:17.210root 11241100x80000000000000004281368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a051b2fa801587b2022-01-04 14:20:17.210root 11241100x80000000000000004281369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c470a6481c96b32022-01-04 14:20:17.210root 11241100x80000000000000004281370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e54b94e5700cd0c2022-01-04 14:20:17.211root 11241100x80000000000000004281371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08a82b2051fc1f12022-01-04 14:20:17.211root 11241100x80000000000000004281372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9cfed213d9dd9e2022-01-04 14:20:17.710root 11241100x80000000000000004281373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e6b7c5a4d680862022-01-04 14:20:17.710root 11241100x80000000000000004281374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a103cc16ac8c842022-01-04 14:20:17.710root 11241100x80000000000000004281375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf5366ba4796ab92022-01-04 14:20:17.710root 11241100x80000000000000004281376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8601aa7af7b6f72022-01-04 14:20:17.710root 11241100x80000000000000004281377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58b638c931a2aa72022-01-04 14:20:17.710root 11241100x80000000000000004281378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb68a0ede892a5d72022-01-04 14:20:17.710root 11241100x80000000000000004281379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9be84eb8b685f992022-01-04 14:20:17.711root 11241100x80000000000000004281380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2e126b9d5f2a6d2022-01-04 14:20:17.711root 11241100x80000000000000004281381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82d62c583a600242022-01-04 14:20:17.711root 11241100x80000000000000004281382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f507466737b7f952022-01-04 14:20:17.711root 11241100x80000000000000004281383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f187fda47bf76e2022-01-04 14:20:17.711root 11241100x80000000000000004281384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5668fdfbb9995c2022-01-04 14:20:17.711root 11241100x80000000000000004281385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc359854bdaacdf12022-01-04 14:20:17.711root 11241100x80000000000000004281386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1512075ef3d9eaad2022-01-04 14:20:17.711root 11241100x80000000000000004281387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1993e21f5881e2e2022-01-04 14:20:17.711root 11241100x80000000000000004281388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e77664cd76bda7d2022-01-04 14:20:17.711root 11241100x80000000000000004281389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac15bea9ebc0d8ea2022-01-04 14:20:17.711root 11241100x80000000000000004281390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617f139433a6a4082022-01-04 14:20:17.711root 11241100x80000000000000004281391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d585b1f008a4ef2022-01-04 14:20:18.210root 11241100x80000000000000004281392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bb9d8a593f262f2022-01-04 14:20:18.210root 11241100x80000000000000004281393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddba5a67af972fe2022-01-04 14:20:18.210root 11241100x80000000000000004281394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d756fcf4a33406902022-01-04 14:20:18.210root 11241100x80000000000000004281395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dcf9f1eff6077c2022-01-04 14:20:18.210root 11241100x80000000000000004281396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f28da0ebac71f0e2022-01-04 14:20:18.210root 11241100x80000000000000004281397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3cf31c507aca452022-01-04 14:20:18.210root 11241100x80000000000000004281398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504fcd9fb272e69b2022-01-04 14:20:18.210root 11241100x80000000000000004281399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51a1eb72135520e2022-01-04 14:20:18.210root 11241100x80000000000000004281400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a32f6805223c7d62022-01-04 14:20:18.210root 11241100x80000000000000004281401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce3fbcf09fb853d2022-01-04 14:20:18.210root 11241100x80000000000000004281402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f655d694a0c8a452022-01-04 14:20:18.211root 11241100x80000000000000004281403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3a1045d8a54fcd2022-01-04 14:20:18.211root 11241100x80000000000000004281404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a57de5d1a418dac2022-01-04 14:20:18.211root 11241100x80000000000000004281405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f1afd61600f7bb2022-01-04 14:20:18.211root 11241100x80000000000000004281406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a44093dba9a2c22022-01-04 14:20:18.211root 11241100x80000000000000004281407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402fd614a14e83d82022-01-04 14:20:18.211root 11241100x80000000000000004281408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33d58395d8a9e8b2022-01-04 14:20:18.211root 11241100x80000000000000004281409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cee8407765001f2022-01-04 14:20:18.211root 11241100x80000000000000004281410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a512b457900e7ec2022-01-04 14:20:18.709root 11241100x80000000000000004281411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088db0ab752d359b2022-01-04 14:20:18.710root 11241100x80000000000000004281412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6303816a95679f2022-01-04 14:20:18.710root 11241100x80000000000000004281413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd4935f2e2da2422022-01-04 14:20:18.710root 11241100x80000000000000004281414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15537c07fc2a5262022-01-04 14:20:18.710root 11241100x80000000000000004281415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21018563cc46929d2022-01-04 14:20:18.710root 11241100x80000000000000004281416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a963a884aca2d12022-01-04 14:20:18.710root 11241100x80000000000000004281417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79cdf5af5c47a752022-01-04 14:20:18.710root 11241100x80000000000000004281418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4254dce7ae3ea1c62022-01-04 14:20:18.710root 11241100x80000000000000004281419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeb052708d235562022-01-04 14:20:18.710root 11241100x80000000000000004281420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4832d1d51f354d2022-01-04 14:20:18.711root 11241100x80000000000000004281421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2372e74923d90bd2022-01-04 14:20:18.711root 11241100x80000000000000004281422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0358380e23d4774f2022-01-04 14:20:18.711root 11241100x80000000000000004281423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137e5c15c6b769af2022-01-04 14:20:18.711root 11241100x80000000000000004281424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c04c318ca74642022-01-04 14:20:18.711root 11241100x80000000000000004281425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b46a4bc6a0344642022-01-04 14:20:18.711root 11241100x80000000000000004281426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f982fa6d5d49fe2022-01-04 14:20:18.711root 11241100x80000000000000004281427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9085065ca193a1e2022-01-04 14:20:18.711root 11241100x80000000000000004281428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1167740526b5520c2022-01-04 14:20:18.711root 11241100x80000000000000004281429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7ed93cc0fc99cc2022-01-04 14:20:19.210root 11241100x80000000000000004281430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681e0f2501022ff22022-01-04 14:20:19.210root 11241100x80000000000000004281431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee809dfdacbf89b2022-01-04 14:20:19.210root 11241100x80000000000000004281432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea3fa9761251e0d2022-01-04 14:20:19.210root 11241100x80000000000000004281433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6b99303b6d859d2022-01-04 14:20:19.210root 11241100x80000000000000004281434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2788b8d274c30c2022-01-04 14:20:19.210root 11241100x80000000000000004281435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef4f1ca6fc4c8c72022-01-04 14:20:19.210root 11241100x80000000000000004281436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e277c5b57c66902022-01-04 14:20:19.210root 11241100x80000000000000004281437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5939604cd94fdc92022-01-04 14:20:19.210root 11241100x80000000000000004281438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a9482c66dbdae2022-01-04 14:20:19.211root 11241100x80000000000000004281439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478e970986400fde2022-01-04 14:20:19.211root 11241100x80000000000000004281440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69aa302de236e12022-01-04 14:20:19.211root 11241100x80000000000000004281441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1520598baf1626e62022-01-04 14:20:19.211root 11241100x80000000000000004281442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897b2b3e1145f3fb2022-01-04 14:20:19.211root 11241100x80000000000000004281443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6748dd5773c3a85d2022-01-04 14:20:19.211root 11241100x80000000000000004281444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97028903dd11d692022-01-04 14:20:19.211root 11241100x80000000000000004281445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5ca7f3a96f84ff2022-01-04 14:20:19.211root 11241100x80000000000000004281446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f425e518c78d9af52022-01-04 14:20:19.211root 11241100x80000000000000004281447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e781b0e22dfdda92022-01-04 14:20:19.211root 11241100x80000000000000004281448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51266bd3e778d53c2022-01-04 14:20:19.709root 11241100x80000000000000004281449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68da6937792016382022-01-04 14:20:19.709root 11241100x80000000000000004281450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47d3b8ee32cd4e02022-01-04 14:20:19.709root 11241100x80000000000000004281451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b1aa1c48b9cb652022-01-04 14:20:19.710root 11241100x80000000000000004281452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae75e28ca92d3f612022-01-04 14:20:19.710root 11241100x80000000000000004281453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc1cc1399c558f52022-01-04 14:20:19.710root 11241100x80000000000000004281454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf1df8469a76f212022-01-04 14:20:19.710root 11241100x80000000000000004281455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e6ab8300558f5a2022-01-04 14:20:19.710root 11241100x80000000000000004281456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdd945f8db445252022-01-04 14:20:19.710root 11241100x80000000000000004281457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b55822a3af4c93a2022-01-04 14:20:19.710root 11241100x80000000000000004281458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb7ec8e5d2444492022-01-04 14:20:19.710root 11241100x80000000000000004281459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33db4943f2d7798c2022-01-04 14:20:19.710root 11241100x80000000000000004281460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea944592f2ee0302022-01-04 14:20:19.710root 11241100x80000000000000004281461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b70cb1e84384ed82022-01-04 14:20:19.710root 11241100x80000000000000004281462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99676c01afb09fa92022-01-04 14:20:19.710root 11241100x80000000000000004281463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4451ad42a40c872022-01-04 14:20:19.710root 11241100x80000000000000004281464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcd033b298de29d2022-01-04 14:20:19.711root 11241100x80000000000000004281465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b7a76e023df70f2022-01-04 14:20:19.711root 11241100x80000000000000004281466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42b7b38ebaf5d822022-01-04 14:20:19.711root 11241100x80000000000000004281467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f940fbd7401536482022-01-04 14:20:20.210root 11241100x80000000000000004281468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b4e3eabf7242472022-01-04 14:20:20.210root 11241100x80000000000000004281469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e72d82e211dacb2022-01-04 14:20:20.210root 11241100x80000000000000004281470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2922cad21c4a660e2022-01-04 14:20:20.210root 11241100x80000000000000004281471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49401f466bb5844b2022-01-04 14:20:20.210root 11241100x80000000000000004281472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515f19ac38fe4e942022-01-04 14:20:20.210root 11241100x80000000000000004281473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dfa4ea60f786412022-01-04 14:20:20.210root 11241100x80000000000000004281474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31da1717a4e94a482022-01-04 14:20:20.210root 11241100x80000000000000004281475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc654e549c6874e2022-01-04 14:20:20.210root 11241100x80000000000000004281476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bbb29c37ffb5452022-01-04 14:20:20.211root 11241100x80000000000000004281477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf1c21311c2b5c32022-01-04 14:20:20.211root 11241100x80000000000000004281478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c989cf5efa01eae2022-01-04 14:20:20.211root 11241100x80000000000000004281479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3b849be24085082022-01-04 14:20:20.211root 11241100x80000000000000004281480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8239d49ad94c7bf62022-01-04 14:20:20.211root 11241100x80000000000000004281481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05056f840588eef82022-01-04 14:20:20.211root 11241100x80000000000000004281482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89111033b43a49f2022-01-04 14:20:20.211root 11241100x80000000000000004281483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06e5a1f71dd117e2022-01-04 14:20:20.211root 11241100x80000000000000004281484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bcc7289e01aedc2022-01-04 14:20:20.211root 11241100x80000000000000004281485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093f2f0cec081de32022-01-04 14:20:20.211root 11241100x80000000000000004281486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60aa9ffb6b27d722022-01-04 14:20:20.709root 11241100x80000000000000004281487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50ef20e2ca093eb2022-01-04 14:20:20.709root 11241100x80000000000000004281488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0ee32b55b510932022-01-04 14:20:20.709root 11241100x80000000000000004281489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ff4294220d94512022-01-04 14:20:20.709root 11241100x80000000000000004281490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f342739771834f0d2022-01-04 14:20:20.709root 11241100x80000000000000004281491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3840f0e2b876b2102022-01-04 14:20:20.710root 11241100x80000000000000004281492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3572597163974d72022-01-04 14:20:20.710root 11241100x80000000000000004281493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7f77691dbf9ec32022-01-04 14:20:20.710root 11241100x80000000000000004281494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7285efd03dd5f92022-01-04 14:20:20.710root 11241100x80000000000000004281495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04bdad5f23822382022-01-04 14:20:20.710root 11241100x80000000000000004281496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362454490a22781d2022-01-04 14:20:20.710root 11241100x80000000000000004281497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045d9ae3ff172c842022-01-04 14:20:20.710root 11241100x80000000000000004281498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5916fb6ea1f869a32022-01-04 14:20:20.710root 11241100x80000000000000004281499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b03f64191c4571b2022-01-04 14:20:20.710root 11241100x80000000000000004281500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf63a7e78d2056c02022-01-04 14:20:20.711root 11241100x80000000000000004281501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b92cfa01f5f05622022-01-04 14:20:20.711root 11241100x80000000000000004281502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389eaf2ebc6d94432022-01-04 14:20:20.711root 11241100x80000000000000004281503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab408de45f148d972022-01-04 14:20:20.711root 11241100x80000000000000004281504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1adfdb67825e282022-01-04 14:20:20.711root 354300x80000000000000004281505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.101{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41548-false10.0.1.12-8000- 11241100x80000000000000004281506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16bce2e5970ad982022-01-04 14:20:21.102root 11241100x80000000000000004281507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23061e2653ff53bb2022-01-04 14:20:21.102root 11241100x80000000000000004281508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580bf956a51260f72022-01-04 14:20:21.102root 11241100x80000000000000004281509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b05548d2fde67502022-01-04 14:20:21.102root 11241100x80000000000000004281510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f566a47c59dbf12022-01-04 14:20:21.102root 11241100x80000000000000004281511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fc21fa55b5efc12022-01-04 14:20:21.102root 11241100x80000000000000004281512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284244a94fdd66132022-01-04 14:20:21.102root 11241100x80000000000000004281513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ae76cd69287f122022-01-04 14:20:21.102root 11241100x80000000000000004281514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7173dc56482211a02022-01-04 14:20:21.102root 11241100x80000000000000004281515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a5ad4e785f4b202022-01-04 14:20:21.103root 11241100x80000000000000004281516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b111f0349c5e312022-01-04 14:20:21.103root 11241100x80000000000000004281517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059b3a2d14cc32e32022-01-04 14:20:21.103root 11241100x80000000000000004281518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c183cdb44c0d6a2022-01-04 14:20:21.103root 11241100x80000000000000004281519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15b4279ec856d592022-01-04 14:20:21.103root 11241100x80000000000000004281520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc56f3671053a7482022-01-04 14:20:21.103root 11241100x80000000000000004281521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39a87388a5a74712022-01-04 14:20:21.104root 11241100x80000000000000004281522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e020ae81097054b22022-01-04 14:20:21.104root 11241100x80000000000000004281523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cf7e1edb9ba26d2022-01-04 14:20:21.104root 11241100x80000000000000004281524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dc2d1c759ccce52022-01-04 14:20:21.104root 11241100x80000000000000004281525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43bccd0fffae49d2022-01-04 14:20:21.104root 11241100x80000000000000004281526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22b56d38c8e5d2d2022-01-04 14:20:21.104root 11241100x80000000000000004281527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd869dcfe1e2dc92022-01-04 14:20:21.104root 11241100x80000000000000004281528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83f17204a7790e92022-01-04 14:20:21.104root 11241100x80000000000000004281529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f348544ee127542022-01-04 14:20:21.104root 11241100x80000000000000004281530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6059a22660d29a2022-01-04 14:20:21.105root 11241100x80000000000000004281531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ad452f33bf09d62022-01-04 14:20:21.105root 11241100x80000000000000004281532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f57a5d8d3e738c2022-01-04 14:20:21.105root 11241100x80000000000000004281533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec6a4d07e5227722022-01-04 14:20:21.105root 11241100x80000000000000004281534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c09312823a8ae42022-01-04 14:20:21.105root 11241100x80000000000000004281535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb3116791a81e402022-01-04 14:20:21.105root 11241100x80000000000000004281536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4936100f513c03f2022-01-04 14:20:21.106root 11241100x80000000000000004281537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c01be3629453a2022-01-04 14:20:21.106root 11241100x80000000000000004281538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9f8bea9f2df5352022-01-04 14:20:21.460root 11241100x80000000000000004281539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacf41ca964962132022-01-04 14:20:21.460root 11241100x80000000000000004281540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dde0f1c09f57c12022-01-04 14:20:21.460root 11241100x80000000000000004281541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1ea65d4fe747a52022-01-04 14:20:21.460root 11241100x80000000000000004281542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4988c9708164fa22022-01-04 14:20:21.460root 11241100x80000000000000004281543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d405405e166a94b82022-01-04 14:20:21.460root 11241100x80000000000000004281544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1ce5b176408cfd2022-01-04 14:20:21.460root 11241100x80000000000000004281545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24393277719f6a82022-01-04 14:20:21.461root 11241100x80000000000000004281546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df7167a4c2b75eb2022-01-04 14:20:21.461root 11241100x80000000000000004281547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb0d8113287aa172022-01-04 14:20:21.461root 11241100x80000000000000004281548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24789ec3e61337762022-01-04 14:20:21.461root 11241100x80000000000000004281549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c61f61d9701a5112022-01-04 14:20:21.461root 11241100x80000000000000004281550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae4ddb4e28d046b2022-01-04 14:20:21.461root 11241100x80000000000000004281551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b150f482f1cf24a2022-01-04 14:20:21.461root 11241100x80000000000000004281552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de196daba8a5571b2022-01-04 14:20:21.461root 11241100x80000000000000004281553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85cade4568254f22022-01-04 14:20:21.461root 11241100x80000000000000004281554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4389377668a2b92022-01-04 14:20:21.461root 11241100x80000000000000004281555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612192093eeaa9082022-01-04 14:20:21.462root 11241100x80000000000000004281556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dfd1ae6b39934c2022-01-04 14:20:21.462root 11241100x80000000000000004281557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331403870879094e2022-01-04 14:20:21.462root 11241100x80000000000000004281558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad7c276afee0b152022-01-04 14:20:21.959root 11241100x80000000000000004281559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490867a5ea60dafc2022-01-04 14:20:21.960root 11241100x80000000000000004281560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980020558ccbf5a2022-01-04 14:20:21.960root 11241100x80000000000000004281561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a705c42d51a2ec62022-01-04 14:20:21.960root 11241100x80000000000000004281562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8c0bfedc5ba0912022-01-04 14:20:21.960root 11241100x80000000000000004281563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a323781e37f31a2022-01-04 14:20:21.960root 11241100x80000000000000004281564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffda700b69c317d92022-01-04 14:20:21.960root 11241100x80000000000000004281565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3876f8ef7c77f79d2022-01-04 14:20:21.960root 11241100x80000000000000004281566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9315e20c020bbe872022-01-04 14:20:21.960root 11241100x80000000000000004281567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205b53b348782d4e2022-01-04 14:20:21.960root 11241100x80000000000000004281568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2ed1206ffa18302022-01-04 14:20:21.960root 11241100x80000000000000004281569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5edc5f9b7e3732e2022-01-04 14:20:21.960root 11241100x80000000000000004281570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9db4f842ee11182022-01-04 14:20:21.960root 11241100x80000000000000004281571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531a8eeea50950482022-01-04 14:20:21.961root 11241100x80000000000000004281572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cc0ccb23f73fc22022-01-04 14:20:21.961root 11241100x80000000000000004281573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b51dff623478882022-01-04 14:20:21.961root 11241100x80000000000000004281574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0607a6f1a1e573802022-01-04 14:20:21.961root 11241100x80000000000000004281575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de2e4de46b173ec2022-01-04 14:20:21.961root 11241100x80000000000000004281576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0634b3bf8810120e2022-01-04 14:20:21.961root 11241100x80000000000000004281577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49fba09836961732022-01-04 14:20:21.961root 11241100x80000000000000004281578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6d5e42ba7bf2f2022-01-04 14:20:22.459root 11241100x80000000000000004281579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1728269f8709af3f2022-01-04 14:20:22.459root 11241100x80000000000000004281580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef6f6d0396379292022-01-04 14:20:22.459root 11241100x80000000000000004281581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b69afdd143e788a2022-01-04 14:20:22.459root 11241100x80000000000000004281582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06847deb5cd023c42022-01-04 14:20:22.459root 11241100x80000000000000004281583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0efded92e640ac2022-01-04 14:20:22.459root 11241100x80000000000000004281584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266a5dfe7b71fbd12022-01-04 14:20:22.459root 11241100x80000000000000004281585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328c66690456b0f2022-01-04 14:20:22.460root 11241100x80000000000000004281586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209d78bb96c776592022-01-04 14:20:22.460root 11241100x80000000000000004281587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad3c0ca208ecb5a2022-01-04 14:20:22.460root 11241100x80000000000000004281588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191fbef0aeb6e05d2022-01-04 14:20:22.460root 11241100x80000000000000004281589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a198ee13d0ce8812022-01-04 14:20:22.460root 11241100x80000000000000004281590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5061362773cad32022-01-04 14:20:22.460root 11241100x80000000000000004281591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106f8560bed38b242022-01-04 14:20:22.460root 11241100x80000000000000004281592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c742248e8bf70b252022-01-04 14:20:22.460root 11241100x80000000000000004281593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ea1ba583e74f692022-01-04 14:20:22.460root 11241100x80000000000000004281594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259b37ec3238a1712022-01-04 14:20:22.460root 11241100x80000000000000004281595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9570ec1e68eba862022-01-04 14:20:22.460root 11241100x80000000000000004281596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f846f31fe0bda22022-01-04 14:20:22.460root 11241100x80000000000000004281597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eeb10109174c9e2022-01-04 14:20:22.461root 11241100x80000000000000004281598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b13fe6b6eb38622022-01-04 14:20:22.461root 11241100x80000000000000004281599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bb8bb91d0945af2022-01-04 14:20:22.461root 11241100x80000000000000004281600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda4befe55d908f62022-01-04 14:20:22.461root 11241100x80000000000000004281601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cdbda7d946645c2022-01-04 14:20:22.461root 11241100x80000000000000004281602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4778f211846b5a9c2022-01-04 14:20:22.461root 11241100x80000000000000004281603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc37f1f0c086232f2022-01-04 14:20:22.461root 11241100x80000000000000004281604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f407a663e110987c2022-01-04 14:20:22.461root 11241100x80000000000000004281605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c2e6fc1d00d5442022-01-04 14:20:22.461root 11241100x80000000000000004281606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c85cafdee847ba2022-01-04 14:20:22.461root 11241100x80000000000000004281607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b606fdff9b2a6fee2022-01-04 14:20:22.461root 11241100x80000000000000004281608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9f69fd26df67f22022-01-04 14:20:22.461root 11241100x80000000000000004281609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc669fbb3919477b2022-01-04 14:20:22.960root 11241100x80000000000000004281610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4677807d8c8ad2d2022-01-04 14:20:22.960root 11241100x80000000000000004281611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeda672af648c52f2022-01-04 14:20:22.960root 11241100x80000000000000004281612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca44ee86c98a30fc2022-01-04 14:20:22.960root 11241100x80000000000000004281613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28509f33dae48e352022-01-04 14:20:22.960root 11241100x80000000000000004281614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e9e34666b1a3fe2022-01-04 14:20:22.960root 11241100x80000000000000004281615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b965cb55e9eda2022-01-04 14:20:22.961root 11241100x80000000000000004281616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eea560391504fb2022-01-04 14:20:22.961root 11241100x80000000000000004281617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7392aed2e22f56e42022-01-04 14:20:22.961root 11241100x80000000000000004281618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9179d476a1ce15c22022-01-04 14:20:22.961root 11241100x80000000000000004281619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a5dbaef9cd38a12022-01-04 14:20:22.961root 11241100x80000000000000004281620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46a0c4fce4ce4c82022-01-04 14:20:22.961root 11241100x80000000000000004281621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee41b3852bb750d82022-01-04 14:20:22.962root 11241100x80000000000000004281622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3a5e7d4829acd52022-01-04 14:20:22.962root 11241100x80000000000000004281623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7033b897a2386e122022-01-04 14:20:22.962root 11241100x80000000000000004281624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2096b2426b4cf3572022-01-04 14:20:22.962root 11241100x80000000000000004281625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa1c1ff5abd39d2022-01-04 14:20:22.962root 11241100x80000000000000004281626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560d00944451397b2022-01-04 14:20:22.962root 11241100x80000000000000004281627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e60a7a5e3efdd5f2022-01-04 14:20:22.962root 11241100x80000000000000004281628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7ad52c0df962282022-01-04 14:20:22.963root 11241100x80000000000000004281629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76264cdbfd7617852022-01-04 14:20:23.459root 11241100x80000000000000004281630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ff68bedb8e30ec2022-01-04 14:20:23.460root 11241100x80000000000000004281631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f90ec7f903b5b5f2022-01-04 14:20:23.460root 11241100x80000000000000004281632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816d8da3cf85559a2022-01-04 14:20:23.460root 11241100x80000000000000004281633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bbe2272fdfb8ec2022-01-04 14:20:23.460root 11241100x80000000000000004281634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb8c77ff9507e032022-01-04 14:20:23.460root 11241100x80000000000000004281635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f77713971aa96a92022-01-04 14:20:23.460root 11241100x80000000000000004281636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1a30fa7836384c2022-01-04 14:20:23.460root 11241100x80000000000000004281637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b742133e3571a682022-01-04 14:20:23.460root 11241100x80000000000000004281638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d27375f67a1fc2022-01-04 14:20:23.460root 11241100x80000000000000004281639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ed29ca71f5c22c2022-01-04 14:20:23.460root 11241100x80000000000000004281640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d1b1abfca155242022-01-04 14:20:23.460root 11241100x80000000000000004281641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dd6ad4d7096d192022-01-04 14:20:23.460root 11241100x80000000000000004281642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8b990bf4644e932022-01-04 14:20:23.460root 11241100x80000000000000004281643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7b59ed255193d22022-01-04 14:20:23.460root 11241100x80000000000000004281644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6db231f57c67e0b2022-01-04 14:20:23.461root 11241100x80000000000000004281645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f3e382415fdd9f2022-01-04 14:20:23.461root 11241100x80000000000000004281646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d36683b2d9dbae82022-01-04 14:20:23.461root 11241100x80000000000000004281647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb6868c2b368f92022-01-04 14:20:23.461root 11241100x80000000000000004281648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135f7ad98b1b1d742022-01-04 14:20:23.461root 11241100x80000000000000004281649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c069b737ee5c012022-01-04 14:20:23.959root 11241100x80000000000000004281650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42444d18c82b1a292022-01-04 14:20:23.959root 11241100x80000000000000004281651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1c4c43867dff712022-01-04 14:20:23.959root 11241100x80000000000000004281652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb273c1d6d5d3c572022-01-04 14:20:23.959root 11241100x80000000000000004281653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14533fdb9beee4902022-01-04 14:20:23.960root 11241100x80000000000000004281654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1504747dc1a5232022-01-04 14:20:23.960root 11241100x80000000000000004281655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9922368d309877792022-01-04 14:20:23.960root 11241100x80000000000000004281656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b199fb65d77eb6a62022-01-04 14:20:23.960root 11241100x80000000000000004281657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ae378c77ba3ee52022-01-04 14:20:23.960root 11241100x80000000000000004281658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102b4322514cabcd2022-01-04 14:20:23.960root 11241100x80000000000000004281659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca109c909e55a512022-01-04 14:20:23.960root 11241100x80000000000000004281660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6823f2a5ef5a52db2022-01-04 14:20:23.960root 11241100x80000000000000004281661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48470c72aec9f7c12022-01-04 14:20:23.960root 11241100x80000000000000004281662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34494510284e76ad2022-01-04 14:20:23.960root 11241100x80000000000000004281663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e138553ab83d26a92022-01-04 14:20:23.960root 11241100x80000000000000004281664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe8965e9fecab102022-01-04 14:20:23.960root 11241100x80000000000000004281665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e54b8fea9b3fee92022-01-04 14:20:23.960root 11241100x80000000000000004281666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8614b648885d7b92022-01-04 14:20:23.961root 11241100x80000000000000004281667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069a756ce254bfdf2022-01-04 14:20:23.961root 11241100x80000000000000004281668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62d5a5626438d022022-01-04 14:20:23.961root 11241100x80000000000000004281669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8021860c5f2e24f2022-01-04 14:20:24.459root 11241100x80000000000000004281670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295e4aab3387da412022-01-04 14:20:24.459root 11241100x80000000000000004281671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0631c82f7faf94b32022-01-04 14:20:24.459root 11241100x80000000000000004281672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41feffcb0271842c2022-01-04 14:20:24.460root 11241100x80000000000000004281673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b684f52d25e4c52022-01-04 14:20:24.460root 11241100x80000000000000004281674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96725385a74678002022-01-04 14:20:24.460root 11241100x80000000000000004281675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e046f605a6eeda102022-01-04 14:20:24.460root 11241100x80000000000000004281676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8d7f9c152932102022-01-04 14:20:24.460root 11241100x80000000000000004281677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf889a7201fb4fb2022-01-04 14:20:24.460root 11241100x80000000000000004281678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5619ee4e00fd532022-01-04 14:20:24.460root 11241100x80000000000000004281679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0aabf572ddf2422022-01-04 14:20:24.460root 11241100x80000000000000004281680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fd33da3a0d629f2022-01-04 14:20:24.460root 11241100x80000000000000004281681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c67d99273393f072022-01-04 14:20:24.461root 11241100x80000000000000004281682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361011882eec24cd2022-01-04 14:20:24.461root 11241100x80000000000000004281683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b53dd970d943cef2022-01-04 14:20:24.461root 11241100x80000000000000004281684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187827c89c477e2d2022-01-04 14:20:24.461root 11241100x80000000000000004281685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ea0f719bef0c492022-01-04 14:20:24.461root 11241100x80000000000000004281686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb949787229d3d52022-01-04 14:20:24.461root 11241100x80000000000000004281687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc77ebd7a4663dfc2022-01-04 14:20:24.461root 11241100x80000000000000004281688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ea9df54a567e862022-01-04 14:20:24.461root 11241100x80000000000000004281689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32020728ba41ac82022-01-04 14:20:24.461root 11241100x80000000000000004281690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52033640c191b4e12022-01-04 14:20:24.461root 11241100x80000000000000004281691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d291e1b75009f62022-01-04 14:20:24.461root 11241100x80000000000000004281692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cec6337214ae80b2022-01-04 14:20:24.461root 11241100x80000000000000004281693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc89ea438c89cd72022-01-04 14:20:24.960root 11241100x80000000000000004281694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4546b78f98ad61af2022-01-04 14:20:24.960root 11241100x80000000000000004281695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c62f4e4303d39ee2022-01-04 14:20:24.960root 11241100x80000000000000004281696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7037b79a80af0eea2022-01-04 14:20:24.960root 11241100x80000000000000004281697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164fd5eadf1b87032022-01-04 14:20:24.961root 11241100x80000000000000004281698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f1eec2006bb0662022-01-04 14:20:24.961root 11241100x80000000000000004281699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71563ba4c33890de2022-01-04 14:20:24.962root 11241100x80000000000000004281700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2f9a3672dbce442022-01-04 14:20:24.962root 11241100x80000000000000004281701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53efc2f2669eebb12022-01-04 14:20:24.962root 11241100x80000000000000004281702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99f99d43eff65c02022-01-04 14:20:24.962root 11241100x80000000000000004281703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b0540c976649b72022-01-04 14:20:24.962root 11241100x80000000000000004281704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeaf07d4fbb481f2022-01-04 14:20:24.963root 11241100x80000000000000004281705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3f04ab74040c8f2022-01-04 14:20:24.963root 11241100x80000000000000004281706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3281f5e3c05dab2022-01-04 14:20:24.963root 11241100x80000000000000004281707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d7ebf6571a52ca2022-01-04 14:20:24.963root 11241100x80000000000000004281708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a1590ef426833b2022-01-04 14:20:24.963root 11241100x80000000000000004281709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241036c2a8b6c21d2022-01-04 14:20:24.963root 11241100x80000000000000004281710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2408faffbd9c91a82022-01-04 14:20:24.963root 11241100x80000000000000004281711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e0c5dd64224a782022-01-04 14:20:24.963root 11241100x80000000000000004281712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:24.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4766b17545d0cb82022-01-04 14:20:24.964root 11241100x80000000000000004281713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf5ecc3266c9d132022-01-04 14:20:25.459root 11241100x80000000000000004281714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bfbbedea70aee52022-01-04 14:20:25.460root 11241100x80000000000000004281715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0d635ddc43d3142022-01-04 14:20:25.460root 11241100x80000000000000004281716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f4f1d12cc105872022-01-04 14:20:25.460root 11241100x80000000000000004281717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e23f939dafe51752022-01-04 14:20:25.460root 11241100x80000000000000004281718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbfd3388fd9876d2022-01-04 14:20:25.460root 11241100x80000000000000004281719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70a982781b1f0ea2022-01-04 14:20:25.460root 11241100x80000000000000004281720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619db7e67bf64a042022-01-04 14:20:25.460root 11241100x80000000000000004281721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf74584e91510f082022-01-04 14:20:25.460root 11241100x80000000000000004281722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4998a0da9d51e9382022-01-04 14:20:25.460root 11241100x80000000000000004281723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6201828f2e2f24f92022-01-04 14:20:25.460root 11241100x80000000000000004281724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889164b4b1c1d4852022-01-04 14:20:25.460root 11241100x80000000000000004281725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd40539d6f8649c2022-01-04 14:20:25.460root 11241100x80000000000000004281726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c265840180cb5062022-01-04 14:20:25.460root 11241100x80000000000000004281727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8f13948052dd632022-01-04 14:20:25.461root 11241100x80000000000000004281728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bf3fb2bffe718d2022-01-04 14:20:25.461root 11241100x80000000000000004281729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8539c6bc1d6005f2022-01-04 14:20:25.461root 11241100x80000000000000004281730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915499a3f1b70f8e2022-01-04 14:20:25.461root 11241100x80000000000000004281731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35d7e5216b23df92022-01-04 14:20:25.461root 11241100x80000000000000004281732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5365559458a3813e2022-01-04 14:20:25.461root 11241100x80000000000000004281733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6daf778c8a3de6fd2022-01-04 14:20:25.959root 11241100x80000000000000004281734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feefacba54fabfe22022-01-04 14:20:25.959root 11241100x80000000000000004281735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cb96a617b731092022-01-04 14:20:25.959root 11241100x80000000000000004281736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18c259de6a04de02022-01-04 14:20:25.959root 11241100x80000000000000004281737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5669ad8d6ee6843d2022-01-04 14:20:25.960root 11241100x80000000000000004281738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae4514076e564f42022-01-04 14:20:25.960root 11241100x80000000000000004281739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66944517e9006c1c2022-01-04 14:20:25.960root 11241100x80000000000000004281740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e53d3258262dcfe2022-01-04 14:20:25.960root 11241100x80000000000000004281741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5b87366e7711da2022-01-04 14:20:25.960root 11241100x80000000000000004281742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6a3093d7e18db32022-01-04 14:20:25.960root 11241100x80000000000000004281743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823869612208cd3c2022-01-04 14:20:25.960root 11241100x80000000000000004281744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f319cfafa4eda22022-01-04 14:20:25.960root 11241100x80000000000000004281745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49eef95677dabe02022-01-04 14:20:25.960root 11241100x80000000000000004281746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8410f4989994dc192022-01-04 14:20:25.960root 11241100x80000000000000004281747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c0d772ca21f91c2022-01-04 14:20:25.960root 11241100x80000000000000004281748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88fbedb5f0f25752022-01-04 14:20:25.960root 11241100x80000000000000004281749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b36e87bb12f8352022-01-04 14:20:25.960root 11241100x80000000000000004281750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcd63f39bf3f34f2022-01-04 14:20:25.960root 11241100x80000000000000004281751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa97e609ef645152022-01-04 14:20:25.961root 11241100x80000000000000004281752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5ce4f6bb7ceda92022-01-04 14:20:25.961root 354300x80000000000000004281753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.196{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41550-false10.0.1.12-8000- 11241100x80000000000000004281754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ef076972fe54042022-01-04 14:20:26.459root 11241100x80000000000000004281755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d92f5d4001953a02022-01-04 14:20:26.459root 11241100x80000000000000004281756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb782db982ff40de2022-01-04 14:20:26.459root 11241100x80000000000000004281757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345aa2e5fc23f45c2022-01-04 14:20:26.459root 11241100x80000000000000004281758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665eddafada986202022-01-04 14:20:26.459root 11241100x80000000000000004281759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b2fcb0d9400ade2022-01-04 14:20:26.460root 11241100x80000000000000004281760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd7767ed9f257732022-01-04 14:20:26.460root 11241100x80000000000000004281761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4f264c205ab3e92022-01-04 14:20:26.460root 11241100x80000000000000004281762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba97f63993caa3f82022-01-04 14:20:26.460root 11241100x80000000000000004281763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75687f21c5d9d3352022-01-04 14:20:26.460root 11241100x80000000000000004281764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9175e9b948b64a82022-01-04 14:20:26.460root 11241100x80000000000000004281765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16099aef37ddf842022-01-04 14:20:26.460root 11241100x80000000000000004281766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb908a74683553a82022-01-04 14:20:26.460root 11241100x80000000000000004281767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea68c12ed2a5ea32022-01-04 14:20:26.460root 11241100x80000000000000004281768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf44700ea51a2caf2022-01-04 14:20:26.460root 11241100x80000000000000004281769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22468c0d16c9f442022-01-04 14:20:26.460root 11241100x80000000000000004281770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd4d715f763ef422022-01-04 14:20:26.461root 11241100x80000000000000004281771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f8d646a2d21edd2022-01-04 14:20:26.461root 11241100x80000000000000004281772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65eec2e74182026f2022-01-04 14:20:26.461root 11241100x80000000000000004281773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d264b6aca45edd2022-01-04 14:20:26.461root 11241100x80000000000000004281774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3fbf99410eaa102022-01-04 14:20:26.461root 11241100x80000000000000004281775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c38dbe08217fd972022-01-04 14:20:26.461root 11241100x80000000000000004281776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec64efd4e8a1c5902022-01-04 14:20:26.461root 11241100x80000000000000004281777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4113704f7bbfe0112022-01-04 14:20:26.461root 11241100x80000000000000004281778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e25bdd839725ae2022-01-04 14:20:26.960root 11241100x80000000000000004281779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c018a62ca89a8e2022-01-04 14:20:26.960root 11241100x80000000000000004281780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e72418c75e63012022-01-04 14:20:26.960root 11241100x80000000000000004281781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c10db2da47bcf42022-01-04 14:20:26.960root 11241100x80000000000000004281782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3e102ba6428bd82022-01-04 14:20:26.960root 11241100x80000000000000004281783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b67c9dce0029ef82022-01-04 14:20:26.960root 11241100x80000000000000004281784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f357e46cabd58a2022-01-04 14:20:26.960root 11241100x80000000000000004281785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f87bf15fbdb394f2022-01-04 14:20:26.961root 11241100x80000000000000004281786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4197f0592c45b8c2022-01-04 14:20:26.961root 11241100x80000000000000004281787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40ea042924fc43a2022-01-04 14:20:26.961root 11241100x80000000000000004281788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5dc8959e589e22022-01-04 14:20:26.961root 11241100x80000000000000004281789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deb8ff9d84b718a2022-01-04 14:20:26.961root 11241100x80000000000000004281790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a265ef31c18c9a172022-01-04 14:20:26.961root 11241100x80000000000000004281791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ec6565d0a963942022-01-04 14:20:26.961root 11241100x80000000000000004281792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e92c67f320bd7e02022-01-04 14:20:26.961root 11241100x80000000000000004281793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d11b2723281dec22022-01-04 14:20:26.962root 11241100x80000000000000004281794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f4322453aa94ae2022-01-04 14:20:26.962root 11241100x80000000000000004281795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0962211f80b40a692022-01-04 14:20:26.962root 11241100x80000000000000004281796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3166533501f4452022-01-04 14:20:26.962root 11241100x80000000000000004281797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a44ad6ebe7c1452022-01-04 14:20:26.962root 11241100x80000000000000004281798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e170d47e050c7432022-01-04 14:20:26.962root 354300x80000000000000004281799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.140{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42032-false10.0.1.12-8089- 11241100x80000000000000004281800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54335d4766ebb07f2022-01-04 14:20:27.459root 11241100x80000000000000004281801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f09ba0f7c895db2022-01-04 14:20:27.459root 11241100x80000000000000004281802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cbc2bdb273ae2d2022-01-04 14:20:27.459root 11241100x80000000000000004281803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217f1e1d2ebb381f2022-01-04 14:20:27.460root 11241100x80000000000000004281804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c545a483c9e726692022-01-04 14:20:27.460root 11241100x80000000000000004281805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4bf1d6b71645722022-01-04 14:20:27.460root 11241100x80000000000000004281806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c6f9005f762d6b2022-01-04 14:20:27.460root 11241100x80000000000000004281807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb8024c25e2e79e2022-01-04 14:20:27.460root 11241100x80000000000000004281808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e557e14d0bdffd522022-01-04 14:20:27.460root 11241100x80000000000000004281809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc7d877a763328e2022-01-04 14:20:27.460root 11241100x80000000000000004281810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64338acd0ef1d0652022-01-04 14:20:27.461root 11241100x80000000000000004281811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97604fc88e514ae52022-01-04 14:20:27.461root 11241100x80000000000000004281812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cc0bc437324f192022-01-04 14:20:27.461root 11241100x80000000000000004281813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e9bd2cd588755a2022-01-04 14:20:27.461root 11241100x80000000000000004281814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94251f8f5f013d992022-01-04 14:20:27.461root 11241100x80000000000000004281815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e63d38fa2b789412022-01-04 14:20:27.461root 11241100x80000000000000004281816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265b0ec08976e3922022-01-04 14:20:27.461root 11241100x80000000000000004281817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97232fbdabdd3e42022-01-04 14:20:27.461root 11241100x80000000000000004281818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e4127fd188ebf42022-01-04 14:20:27.462root 11241100x80000000000000004281819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dab95de3857c462022-01-04 14:20:27.462root 11241100x80000000000000004281820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd37ef64c226813c2022-01-04 14:20:27.462root 11241100x80000000000000004281821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5860c4275b3b79282022-01-04 14:20:27.462root 11241100x80000000000000004281822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567f343150a666d72022-01-04 14:20:27.960root 11241100x80000000000000004281823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c173b0a4f81ca4792022-01-04 14:20:27.960root 11241100x80000000000000004281824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac6045dff1d4b8c2022-01-04 14:20:27.960root 11241100x80000000000000004281825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f20d95b753979a2022-01-04 14:20:27.960root 11241100x80000000000000004281826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7357269955cbc09b2022-01-04 14:20:27.960root 11241100x80000000000000004281827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06717010a0127d82022-01-04 14:20:27.960root 11241100x80000000000000004281828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fed81f40ac3ee92022-01-04 14:20:27.960root 11241100x80000000000000004281829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8fa5e94107e7c62022-01-04 14:20:27.960root 11241100x80000000000000004281830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d71ed85d26bd3a2022-01-04 14:20:27.961root 11241100x80000000000000004281831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969cc2687a2b44122022-01-04 14:20:27.961root 11241100x80000000000000004281832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de1561c2a8b17ea2022-01-04 14:20:27.961root 11241100x80000000000000004281833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d50f9a60ef94032022-01-04 14:20:27.961root 11241100x80000000000000004281834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a72e58401a522d62022-01-04 14:20:27.961root 11241100x80000000000000004281835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c9dd80f00a2da2022-01-04 14:20:27.961root 11241100x80000000000000004281836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cc0856222f520f2022-01-04 14:20:27.961root 11241100x80000000000000004281837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4573a300a2eea62022-01-04 14:20:27.961root 11241100x80000000000000004281838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2016d9ccad351d2d2022-01-04 14:20:27.961root 11241100x80000000000000004281839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b850ba2abbb73702022-01-04 14:20:27.961root 11241100x80000000000000004281840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae48b16c9f44e0912022-01-04 14:20:27.961root 11241100x80000000000000004281841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164a1a3602dcfa1d2022-01-04 14:20:27.961root 11241100x80000000000000004281842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261e3b249f13d5c2022-01-04 14:20:27.961root 11241100x80000000000000004281843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be9a108296138862022-01-04 14:20:27.961root 11241100x80000000000000004281844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1cb80d1a608c92022-01-04 14:20:28.460root 11241100x80000000000000004281845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cdc12ac97b835e2022-01-04 14:20:28.460root 11241100x80000000000000004281846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0cf69a6b9537802022-01-04 14:20:28.460root 11241100x80000000000000004281847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d793eb5eb367cc2022-01-04 14:20:28.460root 11241100x80000000000000004281848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b747c7aa31f37722022-01-04 14:20:28.460root 11241100x80000000000000004281849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622fe4ea7c0c96d02022-01-04 14:20:28.460root 11241100x80000000000000004281850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37ec8132b1cc6282022-01-04 14:20:28.460root 11241100x80000000000000004281851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab5ddcbff1145202022-01-04 14:20:28.460root 11241100x80000000000000004281852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4326b88087b67742022-01-04 14:20:28.460root 11241100x80000000000000004281853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdf6c10e4832f172022-01-04 14:20:28.460root 11241100x80000000000000004281854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b633bb9884626022022-01-04 14:20:28.460root 11241100x80000000000000004281855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c382136aaaca44722022-01-04 14:20:28.460root 11241100x80000000000000004281856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f83f5b4ee8ac1f62022-01-04 14:20:28.461root 11241100x80000000000000004281857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c65aea12fab74402022-01-04 14:20:28.461root 11241100x80000000000000004281858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dc2105b97ec2652022-01-04 14:20:28.461root 11241100x80000000000000004281859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388d1d6cd82aaeb42022-01-04 14:20:28.461root 11241100x80000000000000004281860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f51429003ff3842022-01-04 14:20:28.461root 11241100x80000000000000004281861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31c1a9cea50eb332022-01-04 14:20:28.461root 11241100x80000000000000004281862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0656f254d6c0302e2022-01-04 14:20:28.461root 11241100x80000000000000004281863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f1e3e6f1288df12022-01-04 14:20:28.461root 11241100x80000000000000004281864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710108e03ccb9ec92022-01-04 14:20:28.461root 11241100x80000000000000004281865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef69498701a8e082022-01-04 14:20:28.461root 11241100x80000000000000004281866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8d54e8641b8bb02022-01-04 14:20:28.960root 11241100x80000000000000004281867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d451c502bd7439d82022-01-04 14:20:28.960root 11241100x80000000000000004281868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee3f9330e4107392022-01-04 14:20:28.960root 11241100x80000000000000004281869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4166a75f270e7022022-01-04 14:20:28.960root 11241100x80000000000000004281870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d59ba8e0492f9d52022-01-04 14:20:28.960root 11241100x80000000000000004281871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37364b92dbe098f92022-01-04 14:20:28.961root 11241100x80000000000000004281872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc66fa735786e2d2022-01-04 14:20:28.961root 11241100x80000000000000004281873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c15e08a2a631302022-01-04 14:20:28.961root 11241100x80000000000000004281874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524f9e9af284726c2022-01-04 14:20:28.961root 11241100x80000000000000004281875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab72ee9c8208e402022-01-04 14:20:28.961root 11241100x80000000000000004281876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4150efe34b14df912022-01-04 14:20:28.961root 11241100x80000000000000004281877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b971b3a9e5f4ffd72022-01-04 14:20:28.961root 11241100x80000000000000004281878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22faa5c70b7f3a9d2022-01-04 14:20:28.961root 11241100x80000000000000004281879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95785888f47bef722022-01-04 14:20:28.961root 11241100x80000000000000004281880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65673ef68247aad42022-01-04 14:20:28.961root 11241100x80000000000000004281881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aec8e6dc3fea1452022-01-04 14:20:28.961root 11241100x80000000000000004281882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c2ddef4c7486072022-01-04 14:20:28.961root 11241100x80000000000000004281883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c40f6fbab49e4f2022-01-04 14:20:28.961root 11241100x80000000000000004281884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fdde2ac217c24b2022-01-04 14:20:28.961root 11241100x80000000000000004281885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a5c70ad47fccf42022-01-04 14:20:28.962root 11241100x80000000000000004281886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff677a1dd2ba228d2022-01-04 14:20:28.962root 11241100x80000000000000004281887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7eac641fa2470c2022-01-04 14:20:28.962root 11241100x80000000000000004281888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fd2295d61442842022-01-04 14:20:29.459root 11241100x80000000000000004281889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673ed2af1a5f7eb42022-01-04 14:20:29.459root 11241100x80000000000000004281890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802f8a28aa17c3212022-01-04 14:20:29.459root 11241100x80000000000000004281891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488dde586cd308b32022-01-04 14:20:29.459root 11241100x80000000000000004281892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351a32be370122202022-01-04 14:20:29.460root 11241100x80000000000000004281893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b5eab0ee86bf462022-01-04 14:20:29.460root 11241100x80000000000000004281894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8c1085478c43e02022-01-04 14:20:29.460root 11241100x80000000000000004281895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06ea32d9217b2d62022-01-04 14:20:29.460root 11241100x80000000000000004281896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186b85b44ff000642022-01-04 14:20:29.460root 11241100x80000000000000004281897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888791bdb1920b6a2022-01-04 14:20:29.460root 11241100x80000000000000004281898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8716307f958433532022-01-04 14:20:29.460root 11241100x80000000000000004281899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb24e4a53b452c02022-01-04 14:20:29.460root 11241100x80000000000000004281900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cd2d3bc891a2222022-01-04 14:20:29.460root 11241100x80000000000000004281901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9345ca23101e7d2022-01-04 14:20:29.460root 11241100x80000000000000004281902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cf6dcec47af1652022-01-04 14:20:29.461root 11241100x80000000000000004281903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ac90ece7d527cf2022-01-04 14:20:29.461root 11241100x80000000000000004281904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043ba9b5bf8a75702022-01-04 14:20:29.461root 11241100x80000000000000004281905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c014a2993b9abf2022-01-04 14:20:29.461root 11241100x80000000000000004281906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9fff163724b88d2022-01-04 14:20:29.461root 11241100x80000000000000004281907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1994035b2cfd6b282022-01-04 14:20:29.461root 11241100x80000000000000004281908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda451e69f20606c2022-01-04 14:20:29.461root 11241100x80000000000000004281909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c69f7e622dc9f282022-01-04 14:20:29.461root 11241100x80000000000000004281910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc98829133dbead82022-01-04 14:20:29.461root 11241100x80000000000000004281911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82efcd586a73c962022-01-04 14:20:29.959root 11241100x80000000000000004281912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce5e271cf27f4d22022-01-04 14:20:29.959root 11241100x80000000000000004281913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4477872a389156f32022-01-04 14:20:29.960root 11241100x80000000000000004281914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4556a2047de4e86b2022-01-04 14:20:29.960root 11241100x80000000000000004281915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44e28164287c3ef2022-01-04 14:20:29.960root 11241100x80000000000000004281916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c772111b8663bb9b2022-01-04 14:20:29.960root 11241100x80000000000000004281917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80289ea4827beb02022-01-04 14:20:29.960root 11241100x80000000000000004281918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bab423f1e5a1bc2022-01-04 14:20:29.960root 11241100x80000000000000004281919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5021486e95a679382022-01-04 14:20:29.960root 11241100x80000000000000004281920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1741ba48cf0ac62d2022-01-04 14:20:29.960root 11241100x80000000000000004281921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813785d5c3406f212022-01-04 14:20:29.961root 11241100x80000000000000004281922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b273002fd128285c2022-01-04 14:20:29.961root 11241100x80000000000000004281923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9c28497586eb652022-01-04 14:20:29.961root 11241100x80000000000000004281924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd86fabe01b5d692022-01-04 14:20:29.961root 11241100x80000000000000004281925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a053485231bff73d2022-01-04 14:20:29.961root 11241100x80000000000000004281926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6a562bb6f5d9202022-01-04 14:20:29.961root 11241100x80000000000000004281927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9cca2bdf031c4f2022-01-04 14:20:29.961root 11241100x80000000000000004281928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dd0b76146663f72022-01-04 14:20:29.961root 11241100x80000000000000004281929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e86c78247a9d0302022-01-04 14:20:29.961root 11241100x80000000000000004281930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d74cdbaf357e762022-01-04 14:20:29.961root 11241100x80000000000000004281931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b303c8f3fde0385c2022-01-04 14:20:29.962root 11241100x80000000000000004281932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a709865df31dad2022-01-04 14:20:29.962root 11241100x80000000000000004281933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199ff7d23618d4112022-01-04 14:20:29.962root 11241100x80000000000000004281934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b9a476daeab7482022-01-04 14:20:30.460root 11241100x80000000000000004281935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730ed8128121dc802022-01-04 14:20:30.460root 11241100x80000000000000004281936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553ee560a178f83b2022-01-04 14:20:30.460root 11241100x80000000000000004281937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ff6618f21be80d2022-01-04 14:20:30.460root 11241100x80000000000000004281938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeda3d2cac7a1982022-01-04 14:20:30.460root 11241100x80000000000000004281939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1b9b39ea6d7c842022-01-04 14:20:30.460root 11241100x80000000000000004281940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e95c9758dc3a9f2022-01-04 14:20:30.460root 11241100x80000000000000004281941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053402480e465d822022-01-04 14:20:30.460root 11241100x80000000000000004281942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a0864f9328ec9f2022-01-04 14:20:30.461root 11241100x80000000000000004281943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e574c2a5a96a312022-01-04 14:20:30.461root 11241100x80000000000000004281944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20422a8f9f2450d02022-01-04 14:20:30.461root 11241100x80000000000000004281945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756c449b88492c0b2022-01-04 14:20:30.461root 11241100x80000000000000004281946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf7111da5e530dd2022-01-04 14:20:30.462root 11241100x80000000000000004281947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9de6835e692da12022-01-04 14:20:30.462root 11241100x80000000000000004281948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f9622595dafa892022-01-04 14:20:30.462root 11241100x80000000000000004281949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94db84b67ddee812022-01-04 14:20:30.462root 11241100x80000000000000004281950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba3f193592363372022-01-04 14:20:30.462root 11241100x80000000000000004281951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85ffb0355ebd6d52022-01-04 14:20:30.462root 11241100x80000000000000004281952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403cea2557d6b90c2022-01-04 14:20:30.462root 11241100x80000000000000004281953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d930690f429a392022-01-04 14:20:30.462root 11241100x80000000000000004281954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0866a05d3f08b4ba2022-01-04 14:20:30.462root 11241100x80000000000000004281955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa371009d67edaa2022-01-04 14:20:30.462root 11241100x80000000000000004281956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e613aa030ea263882022-01-04 14:20:30.959root 11241100x80000000000000004281957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b090aa43aa897912022-01-04 14:20:30.959root 11241100x80000000000000004281958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0422dcf8f95405f02022-01-04 14:20:30.960root 11241100x80000000000000004281959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f7636ef93f7c472022-01-04 14:20:30.960root 11241100x80000000000000004281960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3294cde1a7e2b0e2022-01-04 14:20:30.960root 11241100x80000000000000004281961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da568669ee640a02022-01-04 14:20:30.960root 11241100x80000000000000004281962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369fa29167e3b4302022-01-04 14:20:30.960root 11241100x80000000000000004281963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94536f31399327f2022-01-04 14:20:30.960root 11241100x80000000000000004281964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7a3d07b5a44b852022-01-04 14:20:30.960root 11241100x80000000000000004281965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4321d9c4efb941642022-01-04 14:20:30.960root 11241100x80000000000000004281966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb3de4efba0dc652022-01-04 14:20:30.960root 11241100x80000000000000004281967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23639d35551aaa032022-01-04 14:20:30.960root 11241100x80000000000000004281968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773c90d51a8e13282022-01-04 14:20:30.960root 11241100x80000000000000004281969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8982132288f35f2022-01-04 14:20:30.960root 11241100x80000000000000004281970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9973a63bb4cd262022-01-04 14:20:30.961root 11241100x80000000000000004281971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba43dbe30cf32de2022-01-04 14:20:30.961root 11241100x80000000000000004281972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04d3231c593c9c62022-01-04 14:20:30.961root 11241100x80000000000000004281973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4797b491fc13d09a2022-01-04 14:20:30.961root 11241100x80000000000000004281974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f4ff42b6f18e1f2022-01-04 14:20:30.961root 11241100x80000000000000004281975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce409a1ccae32ec2022-01-04 14:20:30.961root 11241100x80000000000000004281976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb5a2c4e4b35a0e2022-01-04 14:20:30.961root 11241100x80000000000000004281977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf4a549638dc6012022-01-04 14:20:30.961root 11241100x80000000000000004281978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:20:31.221root 11241100x80000000000000004281979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d13ae9e621294f92022-01-04 14:20:31.222root 11241100x80000000000000004281980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac38c1513f14f5102022-01-04 14:20:31.222root 11241100x80000000000000004281981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe7dfdb6f7a07a22022-01-04 14:20:31.223root 11241100x80000000000000004281982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c18965924c810702022-01-04 14:20:31.223root 11241100x80000000000000004281983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae11b9bbf2cdb02022-01-04 14:20:31.223root 11241100x80000000000000004281984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5eda87bbe973b62022-01-04 14:20:31.223root 11241100x80000000000000004281985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaa284946afc5b12022-01-04 14:20:31.223root 11241100x80000000000000004281986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d770d7e5bbbdb32022-01-04 14:20:31.223root 11241100x80000000000000004281987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5374336110640282022-01-04 14:20:31.223root 11241100x80000000000000004281988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8599b4cb9af62e9a2022-01-04 14:20:31.223root 11241100x80000000000000004281989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92810f2460820ac62022-01-04 14:20:31.223root 11241100x80000000000000004281990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30e50a53e5d81cd2022-01-04 14:20:31.223root 11241100x80000000000000004281991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc06359b6326ff992022-01-04 14:20:31.223root 11241100x80000000000000004281992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481fefe901820c542022-01-04 14:20:31.223root 11241100x80000000000000004281993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447ceb8241bb79362022-01-04 14:20:31.224root 11241100x80000000000000004281994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcf14ea885dfabb2022-01-04 14:20:31.224root 11241100x80000000000000004281995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476a63c9db33ffca2022-01-04 14:20:31.224root 11241100x80000000000000004281996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc385d322eb76572022-01-04 14:20:31.224root 11241100x80000000000000004281997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48a15032db1ce7f2022-01-04 14:20:31.224root 11241100x80000000000000004281998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b65eb9e966160c12022-01-04 14:20:31.224root 11241100x80000000000000004281999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ce1bc412b08bd92022-01-04 14:20:31.224root 11241100x80000000000000004282000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1725094549f476302022-01-04 14:20:31.224root 11241100x80000000000000004282001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2df82197fbed6d2022-01-04 14:20:31.224root 11241100x80000000000000004282002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36efb39f4f9986162022-01-04 14:20:31.224root 11241100x80000000000000004282003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70cdde52387091d2022-01-04 14:20:31.224root 11241100x80000000000000004282004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb835752982f9512022-01-04 14:20:31.225root 354300x80000000000000004282005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.240{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41554-false10.0.1.12-8000- 11241100x80000000000000004282006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ba3f322be6859f2022-01-04 14:20:31.710root 11241100x80000000000000004282007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625ac8c8747552cc2022-01-04 14:20:31.710root 11241100x80000000000000004282008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e1a5595f59e5922022-01-04 14:20:31.710root 11241100x80000000000000004282009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13dd4eeebc8cf672022-01-04 14:20:31.710root 11241100x80000000000000004282010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97834aef1288b1552022-01-04 14:20:31.711root 11241100x80000000000000004282011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019c979c2e71e61c2022-01-04 14:20:31.711root 11241100x80000000000000004282012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e122cab4b256152022-01-04 14:20:31.711root 11241100x80000000000000004282013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6496f7c7bb32c2c92022-01-04 14:20:31.711root 11241100x80000000000000004282014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6358d4511d45723f2022-01-04 14:20:31.711root 11241100x80000000000000004282015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4994c8690acfff0d2022-01-04 14:20:31.711root 11241100x80000000000000004282016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9b2ed2704aacde2022-01-04 14:20:31.712root 11241100x80000000000000004282017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cc6b40e78bb5432022-01-04 14:20:31.712root 11241100x80000000000000004282018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1506ea06de006fc2022-01-04 14:20:31.712root 11241100x80000000000000004282019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d5fe981ae922f72022-01-04 14:20:31.712root 11241100x80000000000000004282020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb7629dccd4f8762022-01-04 14:20:31.712root 11241100x80000000000000004282021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f7c09ba0df9d6d2022-01-04 14:20:31.712root 11241100x80000000000000004282022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84eafe02fbb61542022-01-04 14:20:31.712root 11241100x80000000000000004282023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0005d2223cbc6e2022-01-04 14:20:31.713root 11241100x80000000000000004282024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abea4b2a0f0d4f42022-01-04 14:20:31.713root 11241100x80000000000000004282025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400a07f4c521a6562022-01-04 14:20:31.713root 11241100x80000000000000004282026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8941ac5651301812022-01-04 14:20:31.713root 11241100x80000000000000004282027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd6d1130c7846c42022-01-04 14:20:31.713root 11241100x80000000000000004282028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431ad988ec89fd092022-01-04 14:20:31.713root 11241100x80000000000000004282029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:31.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04b3202c71b8b732022-01-04 14:20:31.713root 11241100x80000000000000004282030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3245a879a2eabd892022-01-04 14:20:32.209root 11241100x80000000000000004282031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bfc7467d5e62492022-01-04 14:20:32.209root 11241100x80000000000000004282032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18d3a18cf8f908b2022-01-04 14:20:32.210root 11241100x80000000000000004282033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ef123b4c4935ff2022-01-04 14:20:32.210root 11241100x80000000000000004282034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0e6a69acb135df2022-01-04 14:20:32.210root 11241100x80000000000000004282035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e184be4ed824f02022-01-04 14:20:32.210root 11241100x80000000000000004282036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e09bf5130c408d2022-01-04 14:20:32.210root 11241100x80000000000000004282037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f782067cff18fb912022-01-04 14:20:32.210root 11241100x80000000000000004282038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a400980e26aaddc82022-01-04 14:20:32.210root 11241100x80000000000000004282039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4128fc0a8eaa2b2022-01-04 14:20:32.211root 11241100x80000000000000004282040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90718841073f7df2022-01-04 14:20:32.211root 11241100x80000000000000004282041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51071e79c8928042022-01-04 14:20:32.211root 11241100x80000000000000004282042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e17542df93c8cc2022-01-04 14:20:32.211root 11241100x80000000000000004282043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438c3f905d744bfa2022-01-04 14:20:32.211root 11241100x80000000000000004282044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8533aa7b4ae13a012022-01-04 14:20:32.211root 11241100x80000000000000004282045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df68825cf84a8522022-01-04 14:20:32.212root 11241100x80000000000000004282046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d47d168a4455492022-01-04 14:20:32.212root 11241100x80000000000000004282047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e52a0de0d570b22022-01-04 14:20:32.212root 11241100x80000000000000004282048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3a444e7648e5b82022-01-04 14:20:32.212root 11241100x80000000000000004282049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c539a2edc436c9b2022-01-04 14:20:32.212root 11241100x80000000000000004282050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaca0d9042303b4e2022-01-04 14:20:32.212root 11241100x80000000000000004282051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f32633a89d88f32022-01-04 14:20:32.212root 11241100x80000000000000004282052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed69d4fcd8f827d2022-01-04 14:20:32.213root 11241100x80000000000000004282053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7704fb9497388642022-01-04 14:20:32.213root 11241100x80000000000000004282054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5821d346c25c0e2022-01-04 14:20:32.710root 11241100x80000000000000004282055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1e4d1a1b8c4a182022-01-04 14:20:32.710root 11241100x80000000000000004282056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1db186a26a6c3b82022-01-04 14:20:32.710root 11241100x80000000000000004282057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e83583fa2d777f2022-01-04 14:20:32.711root 11241100x80000000000000004282058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6227c349326e332022-01-04 14:20:32.711root 11241100x80000000000000004282059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e6d66465f5d0482022-01-04 14:20:32.711root 11241100x80000000000000004282060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b23f35fb9596172022-01-04 14:20:32.711root 11241100x80000000000000004282061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4f3753b3e742ef2022-01-04 14:20:32.711root 11241100x80000000000000004282062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de08cd094f65a4602022-01-04 14:20:32.711root 11241100x80000000000000004282063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1512fe90c0de064e2022-01-04 14:20:32.711root 11241100x80000000000000004282064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa77ab6fc2fd8b12022-01-04 14:20:32.712root 11241100x80000000000000004282065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4082db8fa31b64d2022-01-04 14:20:32.712root 11241100x80000000000000004282066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ec77631a2248892022-01-04 14:20:32.712root 11241100x80000000000000004282067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd9daffaa0bc0b52022-01-04 14:20:32.712root 11241100x80000000000000004282068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea20ecd722c5edc2022-01-04 14:20:32.712root 11241100x80000000000000004282069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63682f91348344a72022-01-04 14:20:32.712root 11241100x80000000000000004282070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda16f653ffe29b52022-01-04 14:20:32.712root 11241100x80000000000000004282071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6ccb74de4ef60a2022-01-04 14:20:32.712root 11241100x80000000000000004282072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7fb33c4f4a98442022-01-04 14:20:32.712root 11241100x80000000000000004282073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b57ee5a147b618e2022-01-04 14:20:32.713root 11241100x80000000000000004282074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14bf93b435e84792022-01-04 14:20:32.713root 11241100x80000000000000004282075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229e6d659877d612022-01-04 14:20:32.713root 11241100x80000000000000004282076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a2adc3ac422e2f2022-01-04 14:20:32.713root 11241100x80000000000000004282077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:32.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a8ca9bfedd33362022-01-04 14:20:32.713root 11241100x80000000000000004282078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4f58cbba876ca32022-01-04 14:20:33.210root 11241100x80000000000000004282079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be0840c38798f022022-01-04 14:20:33.210root 11241100x80000000000000004282080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1ed1dc8fc557862022-01-04 14:20:33.210root 11241100x80000000000000004282081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55160a4558d3dd8c2022-01-04 14:20:33.210root 11241100x80000000000000004282082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26be56614af00e492022-01-04 14:20:33.210root 11241100x80000000000000004282083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b7c72c5b9ba78e2022-01-04 14:20:33.210root 11241100x80000000000000004282084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a06990a324d37402022-01-04 14:20:33.211root 11241100x80000000000000004282085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e71f990680646c52022-01-04 14:20:33.211root 11241100x80000000000000004282086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df663b79659c31592022-01-04 14:20:33.211root 11241100x80000000000000004282087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d8eb0964b9f1ea2022-01-04 14:20:33.211root 11241100x80000000000000004282088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cde81719a160c742022-01-04 14:20:33.211root 11241100x80000000000000004282089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e75cceaab28582022-01-04 14:20:33.211root 11241100x80000000000000004282090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e9eea7ab3ff8032022-01-04 14:20:33.211root 11241100x80000000000000004282091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17545ef4483df27f2022-01-04 14:20:33.211root 11241100x80000000000000004282092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13239555a5b0b88a2022-01-04 14:20:33.211root 11241100x80000000000000004282093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428f0f4874ef88352022-01-04 14:20:33.211root 11241100x80000000000000004282094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325a3080aaf01a392022-01-04 14:20:33.211root 11241100x80000000000000004282095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b193011cc44ba12022-01-04 14:20:33.212root 11241100x80000000000000004282096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f6a35764dfab872022-01-04 14:20:33.212root 11241100x80000000000000004282097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b65c04455135352022-01-04 14:20:33.212root 11241100x80000000000000004282098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bf575b6fd8927b2022-01-04 14:20:33.212root 11241100x80000000000000004282099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ea8aed1c6518572022-01-04 14:20:33.212root 11241100x80000000000000004282100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7776342bf915dc2022-01-04 14:20:33.212root 11241100x80000000000000004282101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07d53fb3ec07f672022-01-04 14:20:33.212root 534500x80000000000000004282102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.537{00000000-0000-0000-0000-000000000000}14854<unknown process>root 11241100x80000000000000004282103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.537{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af68e691752639932022-01-04 14:20:33.537root 11241100x80000000000000004282104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.537{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f5c63cb1a541962022-01-04 14:20:33.537root 11241100x80000000000000004282105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.537{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9480505f6921aaa22022-01-04 14:20:33.537root 11241100x80000000000000004282106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad272de98b6c011f2022-01-04 14:20:33.538root 11241100x80000000000000004282107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e8911dfc9e89eb2022-01-04 14:20:33.538root 11241100x80000000000000004282108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662bef314501a4bd2022-01-04 14:20:33.538root 11241100x80000000000000004282109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f287f9a11b8e032022-01-04 14:20:33.538root 11241100x80000000000000004282110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2247c55355f2124d2022-01-04 14:20:33.538root 11241100x80000000000000004282111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa42e877de3b86a12022-01-04 14:20:33.538root 11241100x80000000000000004282112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7523bb8546900a782022-01-04 14:20:33.538root 11241100x80000000000000004282113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a49747af4a684df2022-01-04 14:20:33.538root 11241100x80000000000000004282114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd142e95ea58624a2022-01-04 14:20:33.538root 11241100x80000000000000004282115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d76ac735f90a0a2022-01-04 14:20:33.538root 11241100x80000000000000004282116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba51a657751799632022-01-04 14:20:33.538root 11241100x80000000000000004282117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.538{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69c1d953e841ab62022-01-04 14:20:33.538root 11241100x80000000000000004282118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70eaca5ac80644d72022-01-04 14:20:33.539root 11241100x80000000000000004282119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a112bfd82a45a512022-01-04 14:20:33.539root 11241100x80000000000000004282120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fc4b162a6a91d82022-01-04 14:20:33.539root 11241100x80000000000000004282121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1c27ac783634872022-01-04 14:20:33.539root 11241100x80000000000000004282122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eb4897938431992022-01-04 14:20:33.539root 11241100x80000000000000004282123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421a32c04afd9ba2022-01-04 14:20:33.539root 11241100x80000000000000004282124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4b94414cf364572022-01-04 14:20:33.539root 11241100x80000000000000004282125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7ff2593269abbf2022-01-04 14:20:33.539root 11241100x80000000000000004282126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200a186fe799183e2022-01-04 14:20:33.539root 11241100x80000000000000004282127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.539{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d5ffb53b99763d2022-01-04 14:20:33.539root 11241100x80000000000000004282128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ac0036715567c92022-01-04 14:20:33.960root 11241100x80000000000000004282129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b69d53ac7ed6a042022-01-04 14:20:33.960root 11241100x80000000000000004282130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fdce9dac81747b2022-01-04 14:20:33.960root 11241100x80000000000000004282131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb539274818f4f112022-01-04 14:20:33.960root 11241100x80000000000000004282132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861e634fbdeddb432022-01-04 14:20:33.960root 11241100x80000000000000004282133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc73ecf19c2dfbff2022-01-04 14:20:33.960root 11241100x80000000000000004282134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cee1533d330d792022-01-04 14:20:33.960root 11241100x80000000000000004282135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73eb6d6ff9353ac02022-01-04 14:20:33.960root 11241100x80000000000000004282136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e221c52064c192062022-01-04 14:20:33.961root 11241100x80000000000000004282137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ee48764123e042022-01-04 14:20:33.961root 11241100x80000000000000004282138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7797d3b17bf061fa2022-01-04 14:20:33.961root 11241100x80000000000000004282139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce05c87fee9687e2022-01-04 14:20:33.961root 11241100x80000000000000004282140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec0e4defabf570f2022-01-04 14:20:33.961root 11241100x80000000000000004282141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2407d80cf39221232022-01-04 14:20:33.961root 11241100x80000000000000004282142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425255d664641fcb2022-01-04 14:20:33.961root 11241100x80000000000000004282143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bfcb2121ba36892022-01-04 14:20:33.961root 11241100x80000000000000004282144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93ad083a49a5af52022-01-04 14:20:33.961root 11241100x80000000000000004282145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce14ab66dc7722d2022-01-04 14:20:33.961root 11241100x80000000000000004282146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cb8fc95a5a36792022-01-04 14:20:33.961root 11241100x80000000000000004282147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a54d0887f141ce72022-01-04 14:20:33.961root 11241100x80000000000000004282148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a759e58560cddc662022-01-04 14:20:33.961root 11241100x80000000000000004282149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e1d6883424cae42022-01-04 14:20:33.961root 11241100x80000000000000004282150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93672858a8040d82022-01-04 14:20:33.961root 11241100x80000000000000004282151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad47cb088ff1bb22022-01-04 14:20:33.962root 11241100x80000000000000004282152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:33.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e0c6834b5385302022-01-04 14:20:33.962root 23542300x80000000000000004282153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.223{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004282154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04b1928be967d712022-01-04 14:20:34.225root 11241100x80000000000000004282155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af79890b671d4472022-01-04 14:20:34.225root 11241100x80000000000000004282156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a457f90b1f1a225a2022-01-04 14:20:34.225root 11241100x80000000000000004282157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92116a4641a02abe2022-01-04 14:20:34.225root 11241100x80000000000000004282158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca1df4f572819562022-01-04 14:20:34.225root 11241100x80000000000000004282159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1c616826aeeacc2022-01-04 14:20:34.225root 11241100x80000000000000004282160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cd5ba7bf7810da2022-01-04 14:20:34.225root 11241100x80000000000000004282161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba05febec9292882022-01-04 14:20:34.225root 11241100x80000000000000004282162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cc6733ce74ef5c2022-01-04 14:20:34.225root 11241100x80000000000000004282163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d51b831bcb85adb2022-01-04 14:20:34.226root 11241100x80000000000000004282164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3e9f6dd47bc8c62022-01-04 14:20:34.226root 11241100x80000000000000004282165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d3153dfdcd64452022-01-04 14:20:34.226root 11241100x80000000000000004282166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea855d4f344b73722022-01-04 14:20:34.226root 11241100x80000000000000004282167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acd3777317fb1e42022-01-04 14:20:34.226root 11241100x80000000000000004282168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc76cff9fc32be112022-01-04 14:20:34.226root 11241100x80000000000000004282169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648307dfa56af61b2022-01-04 14:20:34.226root 11241100x80000000000000004282170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b2acb617a5b4ef2022-01-04 14:20:34.226root 11241100x80000000000000004282171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95297ef3b2a0e8802022-01-04 14:20:34.226root 11241100x80000000000000004282172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322c2223ec8a28682022-01-04 14:20:34.226root 11241100x80000000000000004282173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d63c2fddbec7c652022-01-04 14:20:34.227root 11241100x80000000000000004282174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9930284e16374cf92022-01-04 14:20:34.227root 11241100x80000000000000004282175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8de60e43cdf02b2022-01-04 14:20:34.227root 11241100x80000000000000004282176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966630b43c6299582022-01-04 14:20:34.227root 11241100x80000000000000004282177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa1d54a632947172022-01-04 14:20:34.227root 11241100x80000000000000004282178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1702cf0648e861982022-01-04 14:20:34.227root 11241100x80000000000000004282179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a0489eec45d4cf2022-01-04 14:20:34.227root 11241100x80000000000000004282180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a8201e2f2536e02022-01-04 14:20:34.710root 11241100x80000000000000004282181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900f2a8ee65bc9ed2022-01-04 14:20:34.710root 11241100x80000000000000004282182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be423311d218bafc2022-01-04 14:20:34.710root 11241100x80000000000000004282183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df922b5964e9ecf2022-01-04 14:20:34.711root 11241100x80000000000000004282184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177302054b3e9d922022-01-04 14:20:34.711root 11241100x80000000000000004282185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4bf67a932eb3752022-01-04 14:20:34.711root 11241100x80000000000000004282186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c28f3db999a96b2022-01-04 14:20:34.711root 11241100x80000000000000004282187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a7e9141cf96c872022-01-04 14:20:34.711root 11241100x80000000000000004282188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eca2b82357fa3ea2022-01-04 14:20:34.711root 11241100x80000000000000004282189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b6becf9688437f2022-01-04 14:20:34.711root 11241100x80000000000000004282190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee329559ba9c73aa2022-01-04 14:20:34.711root 11241100x80000000000000004282191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55d274802487d9a2022-01-04 14:20:34.711root 11241100x80000000000000004282192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b3c099210171b12022-01-04 14:20:34.711root 11241100x80000000000000004282193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc44e8fe63740bcd2022-01-04 14:20:34.711root 11241100x80000000000000004282194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d661c012df43f12022-01-04 14:20:34.712root 11241100x80000000000000004282195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef1d67dd6cfa4742022-01-04 14:20:34.712root 11241100x80000000000000004282196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b8c57c6990c6af2022-01-04 14:20:34.712root 11241100x80000000000000004282197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4ae7f2a05304cf2022-01-04 14:20:34.712root 11241100x80000000000000004282198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2f10f41c5b52ef2022-01-04 14:20:34.712root 11241100x80000000000000004282199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7fc46b40177b592022-01-04 14:20:34.712root 11241100x80000000000000004282200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5cd44e99d63d762022-01-04 14:20:34.712root 11241100x80000000000000004282201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c998ba3b77a4012022-01-04 14:20:34.712root 11241100x80000000000000004282202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0f6f92be8497432022-01-04 14:20:34.712root 11241100x80000000000000004282203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48061a2faa4646f42022-01-04 14:20:34.712root 11241100x80000000000000004282204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467facd8c09454522022-01-04 14:20:34.712root 11241100x80000000000000004282205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cafda0d6da8d762022-01-04 14:20:34.713root 11241100x80000000000000004282206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737c4b584f678dc12022-01-04 14:20:35.210root 11241100x80000000000000004282207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3748a95e505906082022-01-04 14:20:35.210root 11241100x80000000000000004282208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e7b0d562024c002022-01-04 14:20:35.210root 11241100x80000000000000004282209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aab5a3ef2992702022-01-04 14:20:35.210root 11241100x80000000000000004282210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69c7e79cf4642dc2022-01-04 14:20:35.210root 11241100x80000000000000004282211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478eb0e259e69e6c2022-01-04 14:20:35.210root 11241100x80000000000000004282212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d7d1eeb6e9adf32022-01-04 14:20:35.210root 11241100x80000000000000004282213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92044c194f4204342022-01-04 14:20:35.210root 11241100x80000000000000004282214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bb26f26e19eeb22022-01-04 14:20:35.211root 11241100x80000000000000004282215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e77c76e3aa14642022-01-04 14:20:35.211root 11241100x80000000000000004282216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698520b498ebce6f2022-01-04 14:20:35.211root 11241100x80000000000000004282217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf31f01f2c4060e32022-01-04 14:20:35.211root 11241100x80000000000000004282218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71205e03b46501e2022-01-04 14:20:35.211root 11241100x80000000000000004282219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ca624d8260a9e2022-01-04 14:20:35.211root 11241100x80000000000000004282220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982fa8d481fb87ca2022-01-04 14:20:35.211root 11241100x80000000000000004282221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5123ad509f9ef49b2022-01-04 14:20:35.211root 11241100x80000000000000004282222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995e1730b020251a2022-01-04 14:20:35.211root 11241100x80000000000000004282223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449f2948d63192d22022-01-04 14:20:35.211root 11241100x80000000000000004282224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9847df58b802a3aa2022-01-04 14:20:35.211root 11241100x80000000000000004282225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586e1669d61465302022-01-04 14:20:35.211root 11241100x80000000000000004282226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd61532696eab1f2022-01-04 14:20:35.211root 11241100x80000000000000004282227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536bc9839fc8416f2022-01-04 14:20:35.211root 11241100x80000000000000004282228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0fd7bf433c77fc2022-01-04 14:20:35.211root 11241100x80000000000000004282229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7c022bcff8107d2022-01-04 14:20:35.211root 11241100x80000000000000004282230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f877fdff942de12022-01-04 14:20:35.213root 11241100x80000000000000004282231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06837a6d964505ba2022-01-04 14:20:35.213root 11241100x80000000000000004282232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b202f5de912cd212022-01-04 14:20:35.709root 11241100x80000000000000004282233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f34ad9a3c7dfee92022-01-04 14:20:35.710root 11241100x80000000000000004282234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5bd9f91268cfc52022-01-04 14:20:35.710root 11241100x80000000000000004282235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10290989120f17e2022-01-04 14:20:35.710root 11241100x80000000000000004282236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35228362b7e217c2022-01-04 14:20:35.710root 11241100x80000000000000004282237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edb5a3a9516ec452022-01-04 14:20:35.711root 11241100x80000000000000004282238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc83c053ca574e32022-01-04 14:20:35.711root 11241100x80000000000000004282239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4f4fbabdba08422022-01-04 14:20:35.711root 11241100x80000000000000004282240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7a7b483202ec172022-01-04 14:20:35.711root 11241100x80000000000000004282241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46aa15ff7071561f2022-01-04 14:20:35.711root 11241100x80000000000000004282242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d7169ce28620f52022-01-04 14:20:35.711root 11241100x80000000000000004282243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cc4a652a1f4c362022-01-04 14:20:35.711root 11241100x80000000000000004282244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015179cfe1797bb52022-01-04 14:20:35.712root 11241100x80000000000000004282245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1b3e37210da8822022-01-04 14:20:35.712root 11241100x80000000000000004282246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204d3686810f735c2022-01-04 14:20:35.712root 11241100x80000000000000004282247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95adaba95cae3902022-01-04 14:20:35.712root 11241100x80000000000000004282248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2708d6dd2266102022-01-04 14:20:35.712root 11241100x80000000000000004282249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf767c674cba0832022-01-04 14:20:35.712root 11241100x80000000000000004282250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345704ee1ddff5c02022-01-04 14:20:35.712root 11241100x80000000000000004282251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4efff14e78643f32022-01-04 14:20:35.712root 11241100x80000000000000004282252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e54b79405d2a2752022-01-04 14:20:35.712root 11241100x80000000000000004282253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f71364d12e1a5d2022-01-04 14:20:35.713root 11241100x80000000000000004282254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea111a564f5ecd72022-01-04 14:20:35.713root 11241100x80000000000000004282255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abd90f498ee76452022-01-04 14:20:35.713root 11241100x80000000000000004282256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da6aa1ebf86c1ff2022-01-04 14:20:35.713root 11241100x80000000000000004282257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771326a88ea9425d2022-01-04 14:20:35.713root 11241100x80000000000000004282258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:35.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b47976927f7c77a2022-01-04 14:20:35.713root 11241100x80000000000000004282259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee4e3262a7484832022-01-04 14:20:36.210root 11241100x80000000000000004282260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c880a5cfa4d902022-01-04 14:20:36.210root 11241100x80000000000000004282261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d55b82c70c4bb32022-01-04 14:20:36.210root 11241100x80000000000000004282262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4cbcd44a2b8e472022-01-04 14:20:36.211root 11241100x80000000000000004282263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bccef2bc0f4c332022-01-04 14:20:36.211root 11241100x80000000000000004282264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da52848171a07d342022-01-04 14:20:36.211root 11241100x80000000000000004282265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a92523399f9dcd62022-01-04 14:20:36.211root 11241100x80000000000000004282266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8170a0f365ae93d62022-01-04 14:20:36.211root 11241100x80000000000000004282267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedddc171f6cc2d12022-01-04 14:20:36.211root 11241100x80000000000000004282268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c371fe3b7ff7b8a2022-01-04 14:20:36.211root 11241100x80000000000000004282269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d571600f9abe2312022-01-04 14:20:36.211root 11241100x80000000000000004282270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599545357e4b0a502022-01-04 14:20:36.211root 11241100x80000000000000004282271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6740940ff2e2e68e2022-01-04 14:20:36.211root 11241100x80000000000000004282272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a6dcd8b0b14c592022-01-04 14:20:36.211root 11241100x80000000000000004282273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c1d757b27716662022-01-04 14:20:36.212root 11241100x80000000000000004282274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4206c369aca1312022-01-04 14:20:36.212root 11241100x80000000000000004282275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ffbc8ef476d46c2022-01-04 14:20:36.212root 11241100x80000000000000004282276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d901e20b38089b822022-01-04 14:20:36.212root 11241100x80000000000000004282277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610f7536d57f4ae82022-01-04 14:20:36.212root 11241100x80000000000000004282278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b319d3e4216623b2022-01-04 14:20:36.212root 11241100x80000000000000004282279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b564fbe33665e52022-01-04 14:20:36.212root 11241100x80000000000000004282280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10513c405a1f158e2022-01-04 14:20:36.212root 11241100x80000000000000004282281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22f1be5b7eba6952022-01-04 14:20:36.212root 11241100x80000000000000004282282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d186cf5b9b05e62022-01-04 14:20:36.212root 11241100x80000000000000004282283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d9a0c4998fbc192022-01-04 14:20:36.212root 11241100x80000000000000004282284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9bbedef745f5dc2022-01-04 14:20:36.212root 11241100x80000000000000004282285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b3095420a3383f2022-01-04 14:20:36.710root 11241100x80000000000000004282286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f3a339eef5f2b22022-01-04 14:20:36.710root 11241100x80000000000000004282287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22eea0f160f38892022-01-04 14:20:36.710root 11241100x80000000000000004282288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64773d4bf6f963c2022-01-04 14:20:36.711root 11241100x80000000000000004282289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ff3448726d76372022-01-04 14:20:36.711root 11241100x80000000000000004282290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec7407028a369392022-01-04 14:20:36.711root 11241100x80000000000000004282291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdeb7d33e25680892022-01-04 14:20:36.711root 11241100x80000000000000004282292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21eaa3d8b09ea1cd2022-01-04 14:20:36.711root 11241100x80000000000000004282293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84ec641a3bcf6d62022-01-04 14:20:36.711root 11241100x80000000000000004282294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecff4e78534b9d4d2022-01-04 14:20:36.711root 11241100x80000000000000004282295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79357e13b26449722022-01-04 14:20:36.711root 11241100x80000000000000004282296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52276ec501fb46072022-01-04 14:20:36.711root 11241100x80000000000000004282297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13640589b33a53c32022-01-04 14:20:36.711root 11241100x80000000000000004282298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e12525c3d7a9432022-01-04 14:20:36.712root 11241100x80000000000000004282299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67642bc052cae602022-01-04 14:20:36.712root 11241100x80000000000000004282300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402e6a1f09e37b332022-01-04 14:20:36.712root 11241100x80000000000000004282301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcaf1bedd7106ee2022-01-04 14:20:36.712root 11241100x80000000000000004282302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53fb6f34947c7112022-01-04 14:20:36.712root 11241100x80000000000000004282303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0de90bff4b7c642022-01-04 14:20:36.712root 11241100x80000000000000004282304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66abe277f82bb9a42022-01-04 14:20:36.712root 11241100x80000000000000004282305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5111d409637e721e2022-01-04 14:20:36.712root 11241100x80000000000000004282306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4856c71c2a51414e2022-01-04 14:20:36.712root 11241100x80000000000000004282307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b2ab6dca163fb02022-01-04 14:20:36.712root 11241100x80000000000000004282308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d891cae03ef81532022-01-04 14:20:36.712root 11241100x80000000000000004282309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65b7ca74422497c2022-01-04 14:20:36.712root 11241100x80000000000000004282310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23e68a812d1f62c2022-01-04 14:20:36.712root 354300x80000000000000004282311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.003{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41556-false10.0.1.12-8000- 11241100x80000000000000004282312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.004{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c0e7011652a8da2022-01-04 14:20:37.004root 11241100x80000000000000004282313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.004{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b3f1c58b90f4c32022-01-04 14:20:37.004root 11241100x80000000000000004282314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.004{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7611ab93ccaf6d2022-01-04 14:20:37.004root 11241100x80000000000000004282315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44757152addd8c2e2022-01-04 14:20:37.005root 11241100x80000000000000004282316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa4ed0cd52c44382022-01-04 14:20:37.005root 11241100x80000000000000004282317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee2d1ac8759891b2022-01-04 14:20:37.005root 11241100x80000000000000004282318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7ab8797786e1a52022-01-04 14:20:37.005root 11241100x80000000000000004282319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43161896331b697b2022-01-04 14:20:37.005root 11241100x80000000000000004282320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af071fbe5e8817532022-01-04 14:20:37.005root 11241100x80000000000000004282321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce3f097e442b2b62022-01-04 14:20:37.005root 11241100x80000000000000004282322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e66ae1f7bd768b2022-01-04 14:20:37.005root 11241100x80000000000000004282323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6574426e9db4282022-01-04 14:20:37.005root 11241100x80000000000000004282324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c206f07e06e15162022-01-04 14:20:37.005root 11241100x80000000000000004282325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b9fada1768e7f72022-01-04 14:20:37.005root 11241100x80000000000000004282326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841d9a4317b296ba2022-01-04 14:20:37.005root 11241100x80000000000000004282327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d22e33752fe76e2022-01-04 14:20:37.005root 11241100x80000000000000004282328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c083f542d8bd9b292022-01-04 14:20:37.005root 11241100x80000000000000004282329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.005{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62931f4e53ba03e02022-01-04 14:20:37.005root 11241100x80000000000000004282330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0b5d794a77afea2022-01-04 14:20:37.006root 11241100x80000000000000004282331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a44a12ac65b5f02022-01-04 14:20:37.006root 11241100x80000000000000004282332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7197e2c2bae4fd632022-01-04 14:20:37.006root 11241100x80000000000000004282333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cc4775985126d62022-01-04 14:20:37.006root 11241100x80000000000000004282334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21c32ccfd41706b2022-01-04 14:20:37.006root 11241100x80000000000000004282335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080257c577391bfa2022-01-04 14:20:37.006root 11241100x80000000000000004282336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea48438b0b205b932022-01-04 14:20:37.006root 11241100x80000000000000004282337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35538569cab3fcef2022-01-04 14:20:37.006root 11241100x80000000000000004282338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9af69394039da032022-01-04 14:20:37.006root 11241100x80000000000000004282339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.006{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a46df6e99b256a12022-01-04 14:20:37.006root 11241100x80000000000000004282340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9223f0a23a8fd8132022-01-04 14:20:37.459root 11241100x80000000000000004282341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae84afbef0a8c92022-01-04 14:20:37.459root 11241100x80000000000000004282342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cd9fcd50ec32532022-01-04 14:20:37.459root 11241100x80000000000000004282343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb6a3d8ca960d792022-01-04 14:20:37.460root 11241100x80000000000000004282344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186d7e47c92c04e52022-01-04 14:20:37.460root 11241100x80000000000000004282345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d44c54543a0b3462022-01-04 14:20:37.460root 11241100x80000000000000004282346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ad0ecac8416c022022-01-04 14:20:37.460root 11241100x80000000000000004282347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351ca7fa40c11c6a2022-01-04 14:20:37.460root 11241100x80000000000000004282348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e2231f9ff78b172022-01-04 14:20:37.460root 11241100x80000000000000004282349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7ea53c8ffcbd492022-01-04 14:20:37.460root 11241100x80000000000000004282350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57191436a9028ff12022-01-04 14:20:37.460root 11241100x80000000000000004282351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fab7df8df218a232022-01-04 14:20:37.461root 11241100x80000000000000004282352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be54a07653e5a5f92022-01-04 14:20:37.461root 11241100x80000000000000004282353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c1f79ffdd067a62022-01-04 14:20:37.461root 11241100x80000000000000004282354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ca6944bad9d93e2022-01-04 14:20:37.461root 11241100x80000000000000004282355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0398622ce6a005fd2022-01-04 14:20:37.461root 11241100x80000000000000004282356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4910e6ea7db750b2022-01-04 14:20:37.461root 11241100x80000000000000004282357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa76a547982c6fca2022-01-04 14:20:37.461root 11241100x80000000000000004282358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a245992909809f292022-01-04 14:20:37.461root 11241100x80000000000000004282359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0335aff223997b2022-01-04 14:20:37.462root 11241100x80000000000000004282360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2ecef4306199162022-01-04 14:20:37.462root 11241100x80000000000000004282361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b09501e39608d652022-01-04 14:20:37.462root 11241100x80000000000000004282362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f8e085fad71b932022-01-04 14:20:37.462root 11241100x80000000000000004282363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a584a0244aa1b32022-01-04 14:20:37.462root 11241100x80000000000000004282364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a1d8da770316342022-01-04 14:20:37.462root 11241100x80000000000000004282365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ad4451ecee0f3a2022-01-04 14:20:37.463root 11241100x80000000000000004282366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d455d973b7b5c87e2022-01-04 14:20:37.463root 11241100x80000000000000004282367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386f5e6ef0a137a92022-01-04 14:20:37.463root 11241100x80000000000000004282368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a442eb4fe40964b92022-01-04 14:20:37.463root 11241100x80000000000000004282369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1275c506c472492022-01-04 14:20:37.463root 11241100x80000000000000004282370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc61410a99c60f22022-01-04 14:20:37.464root 11241100x80000000000000004282371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a870874e74a6d9e12022-01-04 14:20:37.464root 11241100x80000000000000004282372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee6b41cc0bcf2ab2022-01-04 14:20:37.464root 11241100x80000000000000004282373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094457f5bffb0f522022-01-04 14:20:37.464root 11241100x80000000000000004282374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368d2fdc67ad26ed2022-01-04 14:20:37.468root 11241100x80000000000000004282375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b88aa202b101a42022-01-04 14:20:37.468root 11241100x80000000000000004282376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf297f662cd7e09b2022-01-04 14:20:37.469root 11241100x80000000000000004282377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0db8da2deb7a37e2022-01-04 14:20:37.469root 11241100x80000000000000004282378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496bfcc6c7e30ac92022-01-04 14:20:37.469root 11241100x80000000000000004282379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e63d4c8eb9df792022-01-04 14:20:37.469root 11241100x80000000000000004282380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763c70157c8ce04a2022-01-04 14:20:37.469root 11241100x80000000000000004282381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd28a7141cffd2b42022-01-04 14:20:37.469root 11241100x80000000000000004282382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd491eabe31e3b32022-01-04 14:20:37.469root 11241100x80000000000000004282383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03cfc2b2e0e4fa82022-01-04 14:20:37.469root 11241100x80000000000000004282384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361e478d01cb22812022-01-04 14:20:37.469root 11241100x80000000000000004282385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd24bec90f5cfbf2022-01-04 14:20:37.470root 11241100x80000000000000004282386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a5c2e015f7a5252022-01-04 14:20:37.470root 11241100x80000000000000004282387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fd7ce05becfd0d2022-01-04 14:20:37.470root 11241100x80000000000000004282388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52f2f762de3fac42022-01-04 14:20:37.470root 11241100x80000000000000004282389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d48d50f701f0a72022-01-04 14:20:37.470root 11241100x80000000000000004282390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c67775179668192022-01-04 14:20:37.470root 11241100x80000000000000004282391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5409409bc7cf9a002022-01-04 14:20:37.470root 11241100x80000000000000004282392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ca71006990833e2022-01-04 14:20:37.471root 11241100x80000000000000004282393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9948911b1c902992022-01-04 14:20:37.960root 11241100x80000000000000004282394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e40e1e417c91e72022-01-04 14:20:37.960root 11241100x80000000000000004282395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f78018dfd2e46d2022-01-04 14:20:37.960root 11241100x80000000000000004282396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf81331bf449c3ac2022-01-04 14:20:37.960root 11241100x80000000000000004282397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31684aefb869c122022-01-04 14:20:37.961root 11241100x80000000000000004282398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acd91619e165d432022-01-04 14:20:37.961root 11241100x80000000000000004282399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a8e8632bf098052022-01-04 14:20:37.961root 11241100x80000000000000004282400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc99af44ff41fb32022-01-04 14:20:37.961root 11241100x80000000000000004282401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a984238f80153f472022-01-04 14:20:37.961root 11241100x80000000000000004282402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2840d18eecf6dab32022-01-04 14:20:37.961root 11241100x80000000000000004282403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4984376facd1dd32022-01-04 14:20:37.961root 11241100x80000000000000004282404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a09dc84261f642022-01-04 14:20:37.961root 11241100x80000000000000004282405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b070400b9cfcee5c2022-01-04 14:20:37.961root 11241100x80000000000000004282406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ca2561b7f1ca7b2022-01-04 14:20:37.961root 11241100x80000000000000004282407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c153bde84cc5b052022-01-04 14:20:37.961root 11241100x80000000000000004282408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c72933274f22c542022-01-04 14:20:37.961root 11241100x80000000000000004282409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7778e117ebee258e2022-01-04 14:20:37.961root 11241100x80000000000000004282410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5365c94e71b044022022-01-04 14:20:37.962root 11241100x80000000000000004282411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15169830b2f938b82022-01-04 14:20:37.962root 11241100x80000000000000004282412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb2aca249d769cd2022-01-04 14:20:37.962root 11241100x80000000000000004282413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c161884329be9592022-01-04 14:20:37.962root 11241100x80000000000000004282414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6952e53fc8589282022-01-04 14:20:37.962root 11241100x80000000000000004282415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1b736167452e6c2022-01-04 14:20:37.962root 11241100x80000000000000004282416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39364e6a8af17c682022-01-04 14:20:37.962root 11241100x80000000000000004282417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e79ecc3fa191aac2022-01-04 14:20:37.962root 11241100x80000000000000004282418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6949f4d18b41cfb02022-01-04 14:20:37.962root 11241100x80000000000000004282419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e3f04cb3c7b67d2022-01-04 14:20:37.962root 11241100x80000000000000004282420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600caa3cb2c42c3d2022-01-04 14:20:38.459root 11241100x80000000000000004282421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cead180709631c0d2022-01-04 14:20:38.459root 11241100x80000000000000004282422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab59b62277c14e62022-01-04 14:20:38.459root 11241100x80000000000000004282423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ca12ac71edbd392022-01-04 14:20:38.460root 11241100x80000000000000004282424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f5951021b1f47a2022-01-04 14:20:38.460root 11241100x80000000000000004282425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5979a4a5e0922acd2022-01-04 14:20:38.460root 11241100x80000000000000004282426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e923bd77f51d102f2022-01-04 14:20:38.460root 11241100x80000000000000004282427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec66a2a991881c842022-01-04 14:20:38.461root 11241100x80000000000000004282428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973d9cff8a95e7822022-01-04 14:20:38.461root 11241100x80000000000000004282429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d8153242841d232022-01-04 14:20:38.461root 11241100x80000000000000004282430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66a6a9054019c102022-01-04 14:20:38.461root 11241100x80000000000000004282431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e742278bf19088f72022-01-04 14:20:38.461root 11241100x80000000000000004282432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cf44ccd8c4b3382022-01-04 14:20:38.461root 11241100x80000000000000004282433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de8ee42abc30b012022-01-04 14:20:38.461root 11241100x80000000000000004282434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ef663372dafd52022-01-04 14:20:38.461root 11241100x80000000000000004282435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590ee2b54eb82c822022-01-04 14:20:38.461root 11241100x80000000000000004282436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514321d51938702e2022-01-04 14:20:38.462root 11241100x80000000000000004282437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ca857ad5ff8d662022-01-04 14:20:38.462root 11241100x80000000000000004282438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08132ef34a9d37122022-01-04 14:20:38.462root 11241100x80000000000000004282439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349013348649dd3f2022-01-04 14:20:38.462root 11241100x80000000000000004282440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb19c737a6cf3812022-01-04 14:20:38.462root 11241100x80000000000000004282441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad928ca9d52c6aa72022-01-04 14:20:38.462root 11241100x80000000000000004282442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3f148298aba33b2022-01-04 14:20:38.462root 11241100x80000000000000004282443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f5a85ee18c22342022-01-04 14:20:38.462root 11241100x80000000000000004282444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0ad80eee05b3872022-01-04 14:20:38.462root 11241100x80000000000000004282445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf9735b57cbe7762022-01-04 14:20:38.462root 11241100x80000000000000004282446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e190b953569693ec2022-01-04 14:20:38.462root 11241100x80000000000000004282447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca1a7c30ecf62612022-01-04 14:20:38.462root 11241100x80000000000000004282448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d562eda31fa01212022-01-04 14:20:38.462root 11241100x80000000000000004282449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b64d7b7ad49918b2022-01-04 14:20:38.462root 11241100x80000000000000004282450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ffd0488b8a25002022-01-04 14:20:38.462root 11241100x80000000000000004282451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190b9c6c6878e4d62022-01-04 14:20:38.463root 11241100x80000000000000004282452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4977f409e6a1350d2022-01-04 14:20:38.463root 11241100x80000000000000004282453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8119961ef9371bc62022-01-04 14:20:38.463root 11241100x80000000000000004282454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3f0590c0382dd92022-01-04 14:20:38.463root 11241100x80000000000000004282455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabe98dff11b9bc22022-01-04 14:20:38.463root 11241100x80000000000000004282456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a71b3c4a6d805492022-01-04 14:20:38.464root 11241100x80000000000000004282457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91467d303e6c0add2022-01-04 14:20:38.959root 11241100x80000000000000004282458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccecd68df210f392022-01-04 14:20:38.960root 11241100x80000000000000004282459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42545b5a4e284d172022-01-04 14:20:38.960root 11241100x80000000000000004282460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d8cf43416b8b962022-01-04 14:20:38.960root 11241100x80000000000000004282461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0cab78a089fe5d2022-01-04 14:20:38.960root 11241100x80000000000000004282462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195a8ffa45ac8d2d2022-01-04 14:20:38.960root 11241100x80000000000000004282463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e1cc8f81c0240d2022-01-04 14:20:38.960root 11241100x80000000000000004282464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce722a38aa7983c02022-01-04 14:20:38.961root 11241100x80000000000000004282465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f78fd89970f9c7c2022-01-04 14:20:38.961root 11241100x80000000000000004282466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d020d1cdf9419c912022-01-04 14:20:38.961root 11241100x80000000000000004282467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432feb9a7dc5dee02022-01-04 14:20:38.961root 11241100x80000000000000004282468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877ec607b05abd5e2022-01-04 14:20:38.961root 11241100x80000000000000004282469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce4b7a0f14bf4bb2022-01-04 14:20:38.961root 11241100x80000000000000004282470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2976384bfaa3d4ba2022-01-04 14:20:38.961root 11241100x80000000000000004282471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef3fd479a315c8e2022-01-04 14:20:38.961root 11241100x80000000000000004282472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52619bd60b6cb74c2022-01-04 14:20:38.961root 11241100x80000000000000004282473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6866944383d9022022-01-04 14:20:38.961root 11241100x80000000000000004282474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8580ad6780f7b0782022-01-04 14:20:38.961root 11241100x80000000000000004282475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e9bbcbc48ea4ad2022-01-04 14:20:38.961root 11241100x80000000000000004282476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c06577703ffeb552022-01-04 14:20:38.961root 11241100x80000000000000004282477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc0570ef3f9cac72022-01-04 14:20:38.962root 11241100x80000000000000004282478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56e1fa010750c762022-01-04 14:20:38.962root 11241100x80000000000000004282479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b3c40875e44e1b2022-01-04 14:20:38.962root 11241100x80000000000000004282480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f004ce94ae7857142022-01-04 14:20:38.962root 11241100x80000000000000004282481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af247388f1d9244e2022-01-04 14:20:38.962root 11241100x80000000000000004282482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052afdc89f0ab2082022-01-04 14:20:38.962root 11241100x80000000000000004282483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f741a81679b4ca42022-01-04 14:20:38.962root 11241100x80000000000000004282484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c121e628f2b6a8902022-01-04 14:20:39.459root 11241100x80000000000000004282485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3cdc1da289cdb52022-01-04 14:20:39.459root 11241100x80000000000000004282486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5c5d597efa35092022-01-04 14:20:39.459root 11241100x80000000000000004282487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969883146d78eb362022-01-04 14:20:39.460root 11241100x80000000000000004282488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26ed88025f25ce62022-01-04 14:20:39.460root 11241100x80000000000000004282489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ecf3d3d2aff1cf2022-01-04 14:20:39.460root 11241100x80000000000000004282490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b039028e2aea262022-01-04 14:20:39.460root 11241100x80000000000000004282491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549845f2fe61dfff2022-01-04 14:20:39.460root 11241100x80000000000000004282492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061dd6ab531a63062022-01-04 14:20:39.461root 11241100x80000000000000004282493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d76f4b8c79f7a062022-01-04 14:20:39.461root 11241100x80000000000000004282494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efeb3dcb94f95dbf2022-01-04 14:20:39.461root 11241100x80000000000000004282495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2746f1048056c62022-01-04 14:20:39.461root 11241100x80000000000000004282496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c91d0b645aba822022-01-04 14:20:39.462root 11241100x80000000000000004282497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde1cce5c1c999d32022-01-04 14:20:39.462root 11241100x80000000000000004282498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aff49f7acc804a92022-01-04 14:20:39.462root 11241100x80000000000000004282499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861d1f031b85e4512022-01-04 14:20:39.462root 11241100x80000000000000004282500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfd207cc6d8b1382022-01-04 14:20:39.462root 11241100x80000000000000004282501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1d57fb43b98882022-01-04 14:20:39.462root 11241100x80000000000000004282502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6759c966f34c5642022-01-04 14:20:39.462root 11241100x80000000000000004282503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4308ddee1189410f2022-01-04 14:20:39.462root 11241100x80000000000000004282504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2a6f7480a6c52d2022-01-04 14:20:39.462root 11241100x80000000000000004282505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7de46bfa46dea992022-01-04 14:20:39.462root 11241100x80000000000000004282506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec73bf53d7cb1cc2022-01-04 14:20:39.462root 11241100x80000000000000004282507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934e33115c0c677d2022-01-04 14:20:39.463root 11241100x80000000000000004282508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5166af6b367d04982022-01-04 14:20:39.463root 11241100x80000000000000004282509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065bb699860e06432022-01-04 14:20:39.463root 11241100x80000000000000004282510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee14dc6ca2bf082022-01-04 14:20:39.463root 11241100x80000000000000004282511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131304aabf3ed8222022-01-04 14:20:39.463root 11241100x80000000000000004282512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf64713ffdc797d92022-01-04 14:20:39.463root 11241100x80000000000000004282513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a30fe01e9fea3d2022-01-04 14:20:39.463root 11241100x80000000000000004282514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf92ec51551efd52022-01-04 14:20:39.463root 11241100x80000000000000004282515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464ae500c06ccb002022-01-04 14:20:39.463root 11241100x80000000000000004282516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c93fb0398e755472022-01-04 14:20:39.463root 11241100x80000000000000004282517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6338139d36e43b632022-01-04 14:20:39.463root 11241100x80000000000000004282518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcea3895eee873342022-01-04 14:20:39.463root 11241100x80000000000000004282519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3d33cc378f9cfe2022-01-04 14:20:39.463root 11241100x80000000000000004282520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abb947f39ad6ba32022-01-04 14:20:39.463root 11241100x80000000000000004282521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786089653cd48bce2022-01-04 14:20:39.463root 11241100x80000000000000004282522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50ff892517225cd2022-01-04 14:20:39.960root 11241100x80000000000000004282523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bfa90e870227bd2022-01-04 14:20:39.960root 11241100x80000000000000004282524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b621fadf1502c9822022-01-04 14:20:39.960root 11241100x80000000000000004282525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae07e30d69cd50e2022-01-04 14:20:39.960root 11241100x80000000000000004282526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36587e3f1a1e9cf12022-01-04 14:20:39.960root 11241100x80000000000000004282527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0c06542245f9522022-01-04 14:20:39.960root 11241100x80000000000000004282528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674f30f71dd495e22022-01-04 14:20:39.960root 11241100x80000000000000004282529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb089761fcd8a5d12022-01-04 14:20:39.960root 11241100x80000000000000004282530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6fc2532dc3489c2022-01-04 14:20:39.960root 11241100x80000000000000004282531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc0e6891fcb191a2022-01-04 14:20:39.961root 11241100x80000000000000004282532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d565b3efb8139e42022-01-04 14:20:39.961root 11241100x80000000000000004282533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678f8054f78981152022-01-04 14:20:39.961root 11241100x80000000000000004282534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3a969795b45dff2022-01-04 14:20:39.961root 11241100x80000000000000004282535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03acf8d14b2d33242022-01-04 14:20:39.961root 11241100x80000000000000004282536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c11b138d5bcac72022-01-04 14:20:39.961root 11241100x80000000000000004282537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d06c5fe5b3a439a2022-01-04 14:20:39.961root 11241100x80000000000000004282538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b17c351d73c8bd2022-01-04 14:20:39.961root 11241100x80000000000000004282539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86d00df08ff113b2022-01-04 14:20:39.961root 11241100x80000000000000004282540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be54d387702e4642022-01-04 14:20:39.961root 11241100x80000000000000004282541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98bff97340f88e82022-01-04 14:20:39.961root 11241100x80000000000000004282542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f40aab47395049e2022-01-04 14:20:39.961root 11241100x80000000000000004282543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fad7680445e7d12022-01-04 14:20:39.961root 11241100x80000000000000004282544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75feb3310e7147a52022-01-04 14:20:39.961root 11241100x80000000000000004282545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26d622cb12db5062022-01-04 14:20:39.961root 11241100x80000000000000004282546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe0080e68d9cdae2022-01-04 14:20:39.962root 11241100x80000000000000004282547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b150c3f21b5a9e12022-01-04 14:20:39.962root 11241100x80000000000000004282548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88389dc401b3844e2022-01-04 14:20:39.962root 11241100x80000000000000004282549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a463f5fee38726632022-01-04 14:20:40.459root 11241100x80000000000000004282550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a00149c32aa8822022-01-04 14:20:40.460root 11241100x80000000000000004282551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b9e16a1fcd398e2022-01-04 14:20:40.460root 11241100x80000000000000004282552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aec18708992aab2022-01-04 14:20:40.460root 11241100x80000000000000004282553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e220991aa04c0d2022-01-04 14:20:40.461root 11241100x80000000000000004282554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50dd64076ab21ef2022-01-04 14:20:40.461root 11241100x80000000000000004282555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4af3b85dea4e52b2022-01-04 14:20:40.461root 11241100x80000000000000004282556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa630032586156d2022-01-04 14:20:40.461root 11241100x80000000000000004282557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b032cfb5d52bcedc2022-01-04 14:20:40.461root 11241100x80000000000000004282558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6997e3ed8b5ecc92022-01-04 14:20:40.462root 11241100x80000000000000004282559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f718b07342770c662022-01-04 14:20:40.462root 11241100x80000000000000004282560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb83b4c50badfe1c2022-01-04 14:20:40.462root 11241100x80000000000000004282561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e612bed38a8208a2022-01-04 14:20:40.462root 11241100x80000000000000004282562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e6295a3059ae9a2022-01-04 14:20:40.463root 11241100x80000000000000004282563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f904cc983fef867e2022-01-04 14:20:40.463root 11241100x80000000000000004282564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf54060fb8a454b2022-01-04 14:20:40.463root 11241100x80000000000000004282565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2a9f67421aa1f82022-01-04 14:20:40.464root 11241100x80000000000000004282566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f5c0cf2d891e782022-01-04 14:20:40.464root 11241100x80000000000000004282567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf96073a63675c572022-01-04 14:20:40.464root 11241100x80000000000000004282568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fdd3e4a5d314e82022-01-04 14:20:40.464root 11241100x80000000000000004282569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e867f260b168d3532022-01-04 14:20:40.464root 11241100x80000000000000004282570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913dcce0f7909a012022-01-04 14:20:40.464root 11241100x80000000000000004282571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e61b9eb51b135d22022-01-04 14:20:40.465root 11241100x80000000000000004282572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bf964b1a0b96822022-01-04 14:20:40.465root 11241100x80000000000000004282573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3257277ce7355052022-01-04 14:20:40.465root 11241100x80000000000000004282574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906ff02a462374fe2022-01-04 14:20:40.465root 11241100x80000000000000004282575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975ba3f9816157f42022-01-04 14:20:40.465root 11241100x80000000000000004282576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54eaa4863bec0d82022-01-04 14:20:40.465root 11241100x80000000000000004282577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4e38d35dc611cd2022-01-04 14:20:40.465root 11241100x80000000000000004282578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b078cd25d65b4172022-01-04 14:20:40.465root 11241100x80000000000000004282579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f68adb1d3a26b2022-01-04 14:20:40.465root 11241100x80000000000000004282580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991fc019abbee12a2022-01-04 14:20:40.960root 11241100x80000000000000004282581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6984880738fc502022-01-04 14:20:40.960root 11241100x80000000000000004282582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c07912690887b32022-01-04 14:20:40.960root 11241100x80000000000000004282583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb436570f6987fd2022-01-04 14:20:40.960root 11241100x80000000000000004282584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa14dc0d88555b82022-01-04 14:20:40.960root 11241100x80000000000000004282585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344193f9792741332022-01-04 14:20:40.960root 11241100x80000000000000004282586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03feb28c5faf89612022-01-04 14:20:40.960root 11241100x80000000000000004282587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c807da576ac3fc62022-01-04 14:20:40.960root 11241100x80000000000000004282588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590cff44cdc872f82022-01-04 14:20:40.960root 11241100x80000000000000004282589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03c5621f7f76da32022-01-04 14:20:40.960root 11241100x80000000000000004282590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593b1f333d8933d12022-01-04 14:20:40.960root 11241100x80000000000000004282591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c45681941a539d72022-01-04 14:20:40.960root 11241100x80000000000000004282592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5314d6f605e9fd62022-01-04 14:20:40.960root 11241100x80000000000000004282593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c29fa1824da1442022-01-04 14:20:40.961root 11241100x80000000000000004282594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8cb9c0463264ab2022-01-04 14:20:40.961root 11241100x80000000000000004282595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63c74c8e97e9f672022-01-04 14:20:40.961root 11241100x80000000000000004282596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319b6648483272f62022-01-04 14:20:40.961root 11241100x80000000000000004282597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602707b01739dcf02022-01-04 14:20:40.961root 11241100x80000000000000004282598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e409cc6a436631112022-01-04 14:20:40.961root 11241100x80000000000000004282599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ed1c2334ea5552022-01-04 14:20:40.961root 11241100x80000000000000004282600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe863d2385be9c092022-01-04 14:20:40.961root 11241100x80000000000000004282601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89755a6c3ebc40702022-01-04 14:20:40.961root 11241100x80000000000000004282602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe8ff154db8009d2022-01-04 14:20:40.961root 11241100x80000000000000004282603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958a2a58b70e04352022-01-04 14:20:40.961root 11241100x80000000000000004282604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcc8fdf7266ae142022-01-04 14:20:40.961root 11241100x80000000000000004282605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e9dd1768dc7cfa2022-01-04 14:20:40.961root 11241100x80000000000000004282606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12758a068c8d924a2022-01-04 14:20:40.961root 11241100x80000000000000004282607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88ade05a57209312022-01-04 14:20:41.459root 11241100x80000000000000004282608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140b56e215aa08162022-01-04 14:20:41.459root 11241100x80000000000000004282609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb23ec9aaa9febaf2022-01-04 14:20:41.459root 11241100x80000000000000004282610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8036d395e96c7e492022-01-04 14:20:41.459root 11241100x80000000000000004282611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b828e70b3f3c3532022-01-04 14:20:41.459root 11241100x80000000000000004282612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aad887c8964947c2022-01-04 14:20:41.460root 11241100x80000000000000004282613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7230742573c564c2022-01-04 14:20:41.460root 11241100x80000000000000004282614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a478ab5e0108b72022-01-04 14:20:41.460root 11241100x80000000000000004282615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ec69e45da97fea2022-01-04 14:20:41.460root 11241100x80000000000000004282616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab209a868469a5122022-01-04 14:20:41.460root 11241100x80000000000000004282617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6e4fa12dc2b0a12022-01-04 14:20:41.460root 11241100x80000000000000004282618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11734936748052fb2022-01-04 14:20:41.460root 11241100x80000000000000004282619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9c94d68c42361e2022-01-04 14:20:41.460root 11241100x80000000000000004282620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60098c33e60bfc02022-01-04 14:20:41.460root 11241100x80000000000000004282621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd454070fc83eed2022-01-04 14:20:41.460root 11241100x80000000000000004282622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b964bbc71ce3c682022-01-04 14:20:41.460root 11241100x80000000000000004282623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d05b45ad7c6c32022-01-04 14:20:41.461root 11241100x80000000000000004282624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ac3f8f99fe4f3e2022-01-04 14:20:41.461root 11241100x80000000000000004282625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf1c081c5e9724e2022-01-04 14:20:41.461root 11241100x80000000000000004282626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9942410f278edff42022-01-04 14:20:41.461root 11241100x80000000000000004282627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5612982cb59176fa2022-01-04 14:20:41.461root 11241100x80000000000000004282628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110da239d7f00d8f2022-01-04 14:20:41.461root 11241100x80000000000000004282629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e18fa0ad559ef732022-01-04 14:20:41.461root 11241100x80000000000000004282630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaf9e099d9ddc3b2022-01-04 14:20:41.461root 11241100x80000000000000004282631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5dffc2ce8713df2022-01-04 14:20:41.461root 11241100x80000000000000004282632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f102f46ba453d962022-01-04 14:20:41.461root 11241100x80000000000000004282633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffde157a769dd3c2022-01-04 14:20:41.461root 11241100x80000000000000004282634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68929419fd14ffeb2022-01-04 14:20:41.461root 11241100x80000000000000004282635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25df0cbc835d80fa2022-01-04 14:20:41.462root 154100x80000000000000004282636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.775{ec2e79f3-57b9-61d4-08ce-212f1e560000}14994/usr/bin/sudo-----sudo su/home/ubuntuubuntu{ec2e79f3-575f-61d4-e803-000000000000}100037no level-{ec2e79f3-575f-61d4-0844-b7e58b550000}14975/bin/bash-bashubuntu 11241100x80000000000000004282637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.777{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98833c6a7f7d00552022-01-04 14:20:41.777root 11241100x80000000000000004282638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.777{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01f332c923da6432022-01-04 14:20:41.777root 11241100x80000000000000004282639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.778{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb768b99a3dc4ff32022-01-04 14:20:41.778root 11241100x80000000000000004282640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.778{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1895d879dd412b9a2022-01-04 14:20:41.778root 11241100x80000000000000004282641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.778{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98458ef7f9c33f352022-01-04 14:20:41.778root 11241100x80000000000000004282642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.778{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8266000834c6b4352022-01-04 14:20:41.778root 11241100x80000000000000004282643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.778{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1330e934276fde2022-01-04 14:20:41.778root 11241100x80000000000000004282644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.778{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ba654794cd21e92022-01-04 14:20:41.778root 11241100x80000000000000004282645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.779{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb87118bd4c90b52022-01-04 14:20:41.779root 11241100x80000000000000004282646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.779{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cf476952bbfb922022-01-04 14:20:41.779root 11241100x80000000000000004282647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.779{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0a04d2a4c0e76b2022-01-04 14:20:41.779root 11241100x80000000000000004282648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.779{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1893396d10be8cf2022-01-04 14:20:41.779root 11241100x80000000000000004282649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.779{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c461afaa7b96aeae2022-01-04 14:20:41.779root 11241100x80000000000000004282650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.780{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9207d556629fe8962022-01-04 14:20:41.780root 354300x80000000000000004282651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.780{ec2e79f3-57b9-61d4-08ce-212f1e560000}14994/usr/bin/sudoubuntuudptruefalse127.0.0.1-32826-false127.0.0.53-53- 354300x80000000000000004282652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.780{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-55897-false10.0.0.2-53- 354300x80000000000000004282653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.780{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-49837-false10.0.0.2-53- 11241100x80000000000000004282654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.780{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc4de61bcdddcc92022-01-04 14:20:41.780root 11241100x80000000000000004282655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.781{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b4b9baa3efcea12022-01-04 14:20:41.781root 11241100x80000000000000004282656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.782{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c79fc243b5c4532022-01-04 14:20:41.782root 11241100x80000000000000004282657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.782{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38e821d78a70392022-01-04 14:20:41.782root 11241100x80000000000000004282658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.783{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79a98d8b451e3352022-01-04 14:20:41.783root 11241100x80000000000000004282659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.783{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c43a277c9a7dca62022-01-04 14:20:41.783root 11241100x80000000000000004282660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.783{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c0c283efb735cd2022-01-04 14:20:41.783root 11241100x80000000000000004282661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.783{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d58176d8bbbcd72022-01-04 14:20:41.783root 11241100x80000000000000004282662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.784{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aac566d6a5f3cf2022-01-04 14:20:41.784root 11241100x80000000000000004282663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.784{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cfab4bb11e410f2022-01-04 14:20:41.784root 11241100x80000000000000004282664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.785{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50888fb0c55979942022-01-04 14:20:41.785root 11241100x80000000000000004282665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.785{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd77f7c61283db22022-01-04 14:20:41.785root 11241100x80000000000000004282666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.785{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c67d7d1e2683b02022-01-04 14:20:41.785root 11241100x80000000000000004282667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.786{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5460538ec7fdc0fd2022-01-04 14:20:41.786root 11241100x80000000000000004282668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.786{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f27759a2f017f9d2022-01-04 14:20:41.786root 11241100x80000000000000004282669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.787{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a338926a251ee2632022-01-04 14:20:41.787root 11241100x80000000000000004282670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.787{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e766d103fda794a2022-01-04 14:20:41.787root 354300x80000000000000004282671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.799{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-32826- 354300x80000000000000004282672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.799{ec2e79f3-57b9-61d4-08ce-212f1e560000}14994/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-52324- 354300x80000000000000004282673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.799{ec2e79f3-57b9-61d4-08ce-212f1e560000}14994/usr/bin/sudoubuntuudptruefalse127.0.0.1-52324-false127.0.0.53-53- 354300x80000000000000004282674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.799{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-52324- 154100x80000000000000004282675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.803{ec2e79f3-57b9-61d4-88ad-a317b1550000}14995/bin/su-----su/home/ubunturoot{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-57b9-61d4-08ce-212f1e560000}14994/usr/bin/sudosudoubuntu 154100x80000000000000004282676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.818{ec2e79f3-57b9-61d4-08c4-1e69ba550000}14996/bin/bash-----bash/home/ubunturoot{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-57b9-61d4-88ad-a317b1550000}14995/bin/susuroot 154100x80000000000000004282677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.821{ec2e79f3-57b9-61d4-e000-cb3a0a560000}14998/usr/bin/groups-----groups/home/ubunturoot{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14997--- 534500x80000000000000004282678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.824{ec2e79f3-57b9-61d4-e000-cb3a0a560000}14998/usr/bin/groupsroot 534500x80000000000000004282679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.824{00000000-0000-0000-0000-000000000000}14997<unknown process>root 154100x80000000000000004282680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.826{ec2e79f3-57b9-61d4-6882-4efb66550000}15000/bin/dash-----/bin/sh /usr/bin/lesspipe/home/ubunturoot{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14999--- 154100x80000000000000004282681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.827{ec2e79f3-57b9-61d4-e87b-ddcb5e550000}15001/usr/bin/basename-----basename /usr/bin/lesspipe/home/ubunturoot{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-57b9-61d4-6882-4efb66550000}15000/bin/dash/bin/shroot 534500x80000000000000004282682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.828{ec2e79f3-57b9-61d4-e87b-ddcb5e550000}15001/usr/bin/basenameroot 154100x80000000000000004282683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.828{ec2e79f3-57b9-61d4-e8e8-a427a6550000}15003/usr/bin/dirname-----dirname /usr/bin/lesspipe/home/ubunturoot{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}15002--- 534500x80000000000000004282684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.829{ec2e79f3-57b9-61d4-e8e8-a427a6550000}15003/usr/bin/dirnameroot 534500x80000000000000004282685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.829{ec2e79f3-575f-61d4-0000-000000000000}15002-root 534500x80000000000000004282686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.829{ec2e79f3-57b9-61d4-6882-4efb66550000}15000/bin/dashroot 534500x80000000000000004282687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.830{00000000-0000-0000-0000-000000000000}14999<unknown process>root 154100x80000000000000004282688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.836{ec2e79f3-57b9-61d4-4879-683e59550000}15005/usr/bin/dircolors-----dircolors -b/home/ubunturoot{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}15004--- 534500x80000000000000004282689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.837{ec2e79f3-57b9-61d4-4879-683e59550000}15005/usr/bin/dircolorsroot 534500x80000000000000004282690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:41.837{ec2e79f3-575f-61d4-0000-000000000000}15004-root 11241100x80000000000000004282691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d76a48e92b9f0742022-01-04 14:20:42.209root 11241100x80000000000000004282692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f91f9d271abdbbb2022-01-04 14:20:42.209root 11241100x80000000000000004282693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32d9cdf009936872022-01-04 14:20:42.210root 11241100x80000000000000004282694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e383e61047a408c32022-01-04 14:20:42.210root 11241100x80000000000000004282695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e87bc1a400df8462022-01-04 14:20:42.210root 11241100x80000000000000004282696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1b0522abef3bc62022-01-04 14:20:42.210root 11241100x80000000000000004282697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a3d6ff4579f50f2022-01-04 14:20:42.210root 11241100x80000000000000004282698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecc9a1388bc7c3f2022-01-04 14:20:42.210root 11241100x80000000000000004282699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae0c556de7fe1002022-01-04 14:20:42.210root 11241100x80000000000000004282700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b039552cf13b2d692022-01-04 14:20:42.210root 11241100x80000000000000004282701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d73a81d161a2d122022-01-04 14:20:42.210root 11241100x80000000000000004282702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f5839f207ccbec2022-01-04 14:20:42.211root 11241100x80000000000000004282703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef4bb23a2332c842022-01-04 14:20:42.211root 11241100x80000000000000004282704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591da7da6cc74fd22022-01-04 14:20:42.211root 11241100x80000000000000004282705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3908b3cd67e185072022-01-04 14:20:42.211root 11241100x80000000000000004282706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f5914d647386762022-01-04 14:20:42.211root 11241100x80000000000000004282707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d77a4f285daa4b2022-01-04 14:20:42.211root 11241100x80000000000000004282708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a275705a0ed1852022-01-04 14:20:42.211root 11241100x80000000000000004282709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cf4eefeb3ba0842022-01-04 14:20:42.211root 11241100x80000000000000004282710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9326da4a2f7909e42022-01-04 14:20:42.211root 11241100x80000000000000004282711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a9f81c7d0ac39e2022-01-04 14:20:42.212root 11241100x80000000000000004282712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7abda3600ab47e2022-01-04 14:20:42.212root 11241100x80000000000000004282713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bead92854ee1c922022-01-04 14:20:42.212root 11241100x80000000000000004282714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6f985678f890e32022-01-04 14:20:42.212root 11241100x80000000000000004282715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed2cc028724bc6d2022-01-04 14:20:42.212root 11241100x80000000000000004282716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f087cb908977acd52022-01-04 14:20:42.212root 11241100x80000000000000004282717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e917ade65a7189c82022-01-04 14:20:42.212root 11241100x80000000000000004282718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9047a9345f3de7762022-01-04 14:20:42.212root 11241100x80000000000000004282719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7d0dc69941baec2022-01-04 14:20:42.212root 11241100x80000000000000004282720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f98ee2bbe79d9a22022-01-04 14:20:42.212root 11241100x80000000000000004282721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea92028926db5bb2022-01-04 14:20:42.213root 11241100x80000000000000004282722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae26b0dc6d89a0b2022-01-04 14:20:42.213root 11241100x80000000000000004282723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269189c5b50a4b7e2022-01-04 14:20:42.213root 11241100x80000000000000004282724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba8e0c89ff6b78e2022-01-04 14:20:42.213root 11241100x80000000000000004282725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cda1a49dbdcce432022-01-04 14:20:42.213root 11241100x80000000000000004282726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95e9d5e3959f05b2022-01-04 14:20:42.213root 11241100x80000000000000004282727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccef22dc9c9b0fd52022-01-04 14:20:42.213root 11241100x80000000000000004282728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f4143120c6db822022-01-04 14:20:42.213root 11241100x80000000000000004282729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02fbc4b491c75882022-01-04 14:20:42.213root 11241100x80000000000000004282730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3354bfed9de359bb2022-01-04 14:20:42.214root 11241100x80000000000000004282731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1926c1bf3c69da202022-01-04 14:20:42.214root 11241100x80000000000000004282732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86dfb53673328122022-01-04 14:20:42.214root 11241100x80000000000000004282733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6bc3ca2254165e2022-01-04 14:20:42.214root 11241100x80000000000000004282734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a007fb39ebc519b72022-01-04 14:20:42.214root 11241100x80000000000000004282735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfe96584929c57c2022-01-04 14:20:42.214root 11241100x80000000000000004282736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fee17614d035e082022-01-04 14:20:42.214root 11241100x80000000000000004282737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba38a49000eb6e72022-01-04 14:20:42.214root 11241100x80000000000000004282738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154315eb3ea92c8c2022-01-04 14:20:42.214root 11241100x80000000000000004282739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f716f39783edb222022-01-04 14:20:42.214root 11241100x80000000000000004282740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f0a934b5a46a962022-01-04 14:20:42.214root 11241100x80000000000000004282741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cb857a22c9dc9a2022-01-04 14:20:42.214root 11241100x80000000000000004282742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd9f1017ed7eae12022-01-04 14:20:42.214root 11241100x80000000000000004282743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8e8a927a6ae4a62022-01-04 14:20:42.215root 11241100x80000000000000004282744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7421218a8dea2e2022-01-04 14:20:42.215root 11241100x80000000000000004282745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4ff7450bcd506f2022-01-04 14:20:42.215root 11241100x80000000000000004282746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e62b1c4a21f72f52022-01-04 14:20:42.215root 11241100x80000000000000004282747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b31f6f938bb9c82022-01-04 14:20:42.215root 11241100x80000000000000004282748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c7eedb1f52b9d82022-01-04 14:20:42.215root 11241100x80000000000000004282749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6314daf122b56d2022-01-04 14:20:42.215root 11241100x80000000000000004282750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f90e6709c3b0612022-01-04 14:20:42.215root 11241100x80000000000000004282751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd5c0e1d01685202022-01-04 14:20:42.215root 11241100x80000000000000004282752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d0aef3520411112022-01-04 14:20:42.215root 11241100x80000000000000004282753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ce7731d183f6bf2022-01-04 14:20:42.215root 11241100x80000000000000004282754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a23069de3344672022-01-04 14:20:42.215root 11241100x80000000000000004282755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef514fc12a9afad2022-01-04 14:20:42.215root 11241100x80000000000000004282756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef26f229384f6b62022-01-04 14:20:42.215root 11241100x80000000000000004282757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e371ebcdf5e164c22022-01-04 14:20:42.215root 11241100x80000000000000004282758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf91fc0c31302d222022-01-04 14:20:42.216root 11241100x80000000000000004282759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16357ba7359cd3532022-01-04 14:20:42.216root 11241100x80000000000000004282760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d51131cff8685e02022-01-04 14:20:42.216root 11241100x80000000000000004282761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7336f0f87525552022-01-04 14:20:42.216root 11241100x80000000000000004282762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833be1653dc5d2242022-01-04 14:20:42.216root 11241100x80000000000000004282763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e211b02567cfca9f2022-01-04 14:20:42.216root 11241100x80000000000000004282764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b608c1476892772022-01-04 14:20:42.216root 11241100x80000000000000004282765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515ec9895e6205c52022-01-04 14:20:42.216root 11241100x80000000000000004282766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9065d142d75f8a6d2022-01-04 14:20:42.216root 11241100x80000000000000004282767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30380a9387884092022-01-04 14:20:42.216root 11241100x80000000000000004282768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ec109109b2a42f2022-01-04 14:20:42.216root 11241100x80000000000000004282769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fc091a3832f4e42022-01-04 14:20:42.216root 354300x80000000000000004282770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41558-false10.0.1.12-8000- 11241100x80000000000000004282771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bae375ca12e0602022-01-04 14:20:42.216root 11241100x80000000000000004282772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b578552a990f4fd2022-01-04 14:20:42.217root 11241100x80000000000000004282773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7c3edfbb99f70b2022-01-04 14:20:42.217root 11241100x80000000000000004282774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1e57a5787056812022-01-04 14:20:42.217root 11241100x80000000000000004282775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63759050d697d182022-01-04 14:20:42.217root 11241100x80000000000000004282776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4aa8e8d7a0a1532022-01-04 14:20:42.217root 11241100x80000000000000004282777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcc8c4a1369d5d32022-01-04 14:20:42.217root 11241100x80000000000000004282778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e05c3f1c9066682022-01-04 14:20:42.217root 11241100x80000000000000004282779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9b7409224d8bfa2022-01-04 14:20:42.217root 11241100x80000000000000004282780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901ea451261eb2a12022-01-04 14:20:42.217root 11241100x80000000000000004282781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dd724ae33147bc2022-01-04 14:20:42.217root 11241100x80000000000000004282782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3013ff162bfc90f62022-01-04 14:20:42.217root 11241100x80000000000000004282783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885a0bdd797c56572022-01-04 14:20:42.218root 11241100x80000000000000004282784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c819e70bda1311a52022-01-04 14:20:42.219root 11241100x80000000000000004282785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa8dfe8c248f1cd2022-01-04 14:20:42.219root 11241100x80000000000000004282786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102e80658b7ffb8c2022-01-04 14:20:42.219root 11241100x80000000000000004282787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffdab70a31f5b842022-01-04 14:20:42.219root 11241100x80000000000000004282788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f00c80bf2001492022-01-04 14:20:42.219root 11241100x80000000000000004282789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcc8420336f72aa2022-01-04 14:20:42.223root 11241100x80000000000000004282790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8746ea83960d8f602022-01-04 14:20:42.224root 11241100x80000000000000004282791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071151a22c62ba6a2022-01-04 14:20:42.224root 11241100x80000000000000004282792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7f02f166c1c1dd2022-01-04 14:20:42.224root 11241100x80000000000000004282793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56c2f6fbf9293fc2022-01-04 14:20:42.224root 11241100x80000000000000004282794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7bcf100066974a2022-01-04 14:20:42.219root 11241100x80000000000000004282795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49311f879c0380b92022-01-04 14:20:42.219root 11241100x80000000000000004282796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43e6428961f30e22022-01-04 14:20:42.220root 11241100x80000000000000004282797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b77f1b6275c317a2022-01-04 14:20:42.220root 11241100x80000000000000004282798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa1d9f03b2307022022-01-04 14:20:42.220root 11241100x80000000000000004282799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee806cc3ee35aa72022-01-04 14:20:42.220root 11241100x80000000000000004282800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0331022d3d81506c2022-01-04 14:20:42.220root 11241100x80000000000000004282801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf9034c80b808552022-01-04 14:20:42.226root 11241100x80000000000000004282802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3327611f3ac2dd932022-01-04 14:20:42.226root 11241100x80000000000000004282803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8cd2692d297d252022-01-04 14:20:42.226root 11241100x80000000000000004282804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c272645ecf879f8f2022-01-04 14:20:42.226root 11241100x80000000000000004282805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d507c83379f72642022-01-04 14:20:42.226root 11241100x80000000000000004282806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564488db550ed12a2022-01-04 14:20:42.226root 11241100x80000000000000004282807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0100966472804d752022-01-04 14:20:42.226root 11241100x80000000000000004282808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63bc8330e83a3b92022-01-04 14:20:42.226root 11241100x80000000000000004282809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7cbbd3fdd952622022-01-04 14:20:42.226root 11241100x80000000000000004282810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ce3281e6cbdc532022-01-04 14:20:42.226root 11241100x80000000000000004282811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88c6f184ddafd172022-01-04 14:20:42.227root 11241100x80000000000000004282812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ca0e226056c1ed2022-01-04 14:20:42.227root 11241100x80000000000000004282813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a331d1d5ebd4835f2022-01-04 14:20:42.227root 11241100x80000000000000004282814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bd20bec9e804972022-01-04 14:20:42.227root 11241100x80000000000000004282815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78d3a1697bdc9ea2022-01-04 14:20:42.227root 11241100x80000000000000004282816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edacdd8fa0a949e02022-01-04 14:20:42.227root 11241100x80000000000000004282817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e7cab1c0a39cba2022-01-04 14:20:42.227root 11241100x80000000000000004282818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a151a41c3606152022-01-04 14:20:42.227root 11241100x80000000000000004282819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482670a12fcead3a2022-01-04 14:20:42.227root 11241100x80000000000000004282820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f61f4cfda6ec2d2022-01-04 14:20:42.227root 11241100x80000000000000004282821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc5d5053406de562022-01-04 14:20:42.227root 11241100x80000000000000004282822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2a1368cd1255202022-01-04 14:20:42.228root 11241100x80000000000000004282823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d793afcb94fc862f2022-01-04 14:20:42.228root 11241100x80000000000000004282824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f8d6f6afed48e62022-01-04 14:20:42.228root 11241100x80000000000000004282825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5b8e8e1c9fe4f32022-01-04 14:20:42.228root 11241100x80000000000000004282826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b95e2ccc2c427ae2022-01-04 14:20:42.228root 11241100x80000000000000004282827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e06413fe93f98e2022-01-04 14:20:42.228root 11241100x80000000000000004282828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6298d233473e47c2022-01-04 14:20:42.228root 11241100x80000000000000004282829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7cce232fe40f522022-01-04 14:20:42.228root 11241100x80000000000000004282830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd556272ada04562022-01-04 14:20:42.228root 11241100x80000000000000004282831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e62bacfe8852d82022-01-04 14:20:42.228root 11241100x80000000000000004282832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68b75282c9a6cad2022-01-04 14:20:42.228root 11241100x80000000000000004282833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12816ebb98bac882022-01-04 14:20:42.228root 11241100x80000000000000004282834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc07096604b7a7f92022-01-04 14:20:42.228root 11241100x80000000000000004282835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acf5821a621f4852022-01-04 14:20:42.228root 11241100x80000000000000004282836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447b6b46650319d02022-01-04 14:20:42.229root 11241100x80000000000000004282837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5912bc0b2a80953c2022-01-04 14:20:42.232root 11241100x80000000000000004282838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1b58adc85eac402022-01-04 14:20:42.232root 11241100x80000000000000004282839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685aface9af7497f2022-01-04 14:20:42.232root 11241100x80000000000000004282840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba61e573a627cc192022-01-04 14:20:42.232root 11241100x80000000000000004282841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa88bd55b6f19642022-01-04 14:20:42.232root 11241100x80000000000000004282842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4218da7974a48da02022-01-04 14:20:42.232root 11241100x80000000000000004282843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9267249680e3a62022-01-04 14:20:42.232root 11241100x80000000000000004282844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29284f198b8159d52022-01-04 14:20:42.233root 11241100x80000000000000004282845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d7d62638ef43e42022-01-04 14:20:42.233root 11241100x80000000000000004282846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a520180dcab68bb12022-01-04 14:20:42.233root 11241100x80000000000000004282847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaa6a13c6acd94f2022-01-04 14:20:42.233root 11241100x80000000000000004282848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2267fcba15750f762022-01-04 14:20:42.233root 11241100x80000000000000004282849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c79c53f57b66bf2022-01-04 14:20:42.233root 11241100x80000000000000004282850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7794553f578348a82022-01-04 14:20:42.233root 11241100x80000000000000004282851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6290a83a6efc2c2022-01-04 14:20:42.233root 11241100x80000000000000004282852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2147034fe5c4c8f2022-01-04 14:20:42.233root 11241100x80000000000000004282853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69831cff30c611af2022-01-04 14:20:42.233root 11241100x80000000000000004282854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba03fd9a09ed01fc2022-01-04 14:20:42.233root 11241100x80000000000000004282855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c971b2e5d214866d2022-01-04 14:20:42.233root 11241100x80000000000000004282856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7733fd3d0c80dc192022-01-04 14:20:42.234root 11241100x80000000000000004282857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f346363e1138f62022-01-04 14:20:42.234root 11241100x80000000000000004282858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826821e1a4405f182022-01-04 14:20:42.234root 11241100x80000000000000004282859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9558cf592be10ee82022-01-04 14:20:42.234root 11241100x80000000000000004282860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc209c6af63d11e12022-01-04 14:20:42.234root 11241100x80000000000000004282861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d503adad0f6a132022-01-04 14:20:42.234root 11241100x80000000000000004282862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705ae4e0b848c8632022-01-04 14:20:42.234root 11241100x80000000000000004282863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097082df2e9762552022-01-04 14:20:42.234root 11241100x80000000000000004282864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8375f5d1d8a3678d2022-01-04 14:20:42.234root 11241100x80000000000000004282865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee4c9eb859a9bfb2022-01-04 14:20:42.709root 11241100x80000000000000004282866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed2e18d8f864d2c2022-01-04 14:20:42.710root 11241100x80000000000000004282867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ba68ff7093902b2022-01-04 14:20:42.710root 11241100x80000000000000004282868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3feb65cfd7bd73b62022-01-04 14:20:42.710root 11241100x80000000000000004282869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded0a0ef3634d22a2022-01-04 14:20:42.710root 11241100x80000000000000004282870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b98133dadc628d2022-01-04 14:20:42.710root 11241100x80000000000000004282871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3657225ee7ef7e2022-01-04 14:20:42.710root 11241100x80000000000000004282872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beea776f526c7562022-01-04 14:20:42.711root 11241100x80000000000000004282873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f51f642a56a792022-01-04 14:20:42.711root 11241100x80000000000000004282874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bb4c24d4b2f0e82022-01-04 14:20:42.711root 11241100x80000000000000004282875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a867bf599f3ca42022-01-04 14:20:42.711root 11241100x80000000000000004282876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dbd2ed1bf6b9e02022-01-04 14:20:42.711root 11241100x80000000000000004282877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b501a12520d2602022-01-04 14:20:42.711root 11241100x80000000000000004282878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381371965529d1562022-01-04 14:20:42.711root 11241100x80000000000000004282879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08bdf4b4cbeb9262022-01-04 14:20:42.711root 11241100x80000000000000004282880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f938bc9d7fc45ee2022-01-04 14:20:42.711root 11241100x80000000000000004282881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5043869b8b0c9ec32022-01-04 14:20:42.711root 11241100x80000000000000004282882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434b7bc47533169d2022-01-04 14:20:42.711root 11241100x80000000000000004282883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792851b1bf0f0ab72022-01-04 14:20:42.711root 11241100x80000000000000004282884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd59f3219dad2ce2022-01-04 14:20:42.712root 11241100x80000000000000004282885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a937ec727b11a02022-01-04 14:20:42.712root 11241100x80000000000000004282886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7a51ba3765b0052022-01-04 14:20:42.712root 11241100x80000000000000004282887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc97b3b49ca3cbe2022-01-04 14:20:42.712root 11241100x80000000000000004282888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b06cfd72ff975d52022-01-04 14:20:42.712root 11241100x80000000000000004282889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ff893e5d8235072022-01-04 14:20:42.712root 11241100x80000000000000004282890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2705226b1e283d592022-01-04 14:20:42.712root 11241100x80000000000000004282891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b03edb02e559382022-01-04 14:20:42.712root 11241100x80000000000000004282892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37204a7c27db29992022-01-04 14:20:42.712root 11241100x80000000000000004282893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209c88e5592dcfb72022-01-04 14:20:42.712root 11241100x80000000000000004282894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa485b7dd4a137002022-01-04 14:20:42.712root 11241100x80000000000000004282895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16352d27cce1851d2022-01-04 14:20:42.713root 11241100x80000000000000004282896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0390e4b5572e23e72022-01-04 14:20:42.713root 11241100x80000000000000004282897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a2983a6d34df22022-01-04 14:20:42.713root 11241100x80000000000000004282898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1169ac75d8075f2022-01-04 14:20:42.713root 11241100x80000000000000004282899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904ea2126581bd492022-01-04 14:20:42.713root 11241100x80000000000000004282900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3829a60cc7484b1b2022-01-04 14:20:42.713root 11241100x80000000000000004282901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb79feb09075ded02022-01-04 14:20:42.713root 11241100x80000000000000004282902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2900d144b20f46352022-01-04 14:20:42.713root 11241100x80000000000000004282903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ca0fdad108ba892022-01-04 14:20:42.713root 11241100x80000000000000004282904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df922912bf0079c2022-01-04 14:20:42.713root 11241100x80000000000000004282905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e468efbf15f3fc572022-01-04 14:20:42.714root 11241100x80000000000000004282906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4b79311f9f18a22022-01-04 14:20:42.714root 11241100x80000000000000004282907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7279e35db633b3bb2022-01-04 14:20:42.714root 11241100x80000000000000004282908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea307ec384c138c2022-01-04 14:20:42.714root 11241100x80000000000000004282909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89147f516ec5a3642022-01-04 14:20:42.714root 11241100x80000000000000004282910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fe99e438c36ce92022-01-04 14:20:42.714root 11241100x80000000000000004282911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c21e18586573102022-01-04 14:20:42.714root 11241100x80000000000000004282912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e985d006a09b83902022-01-04 14:20:42.714root 11241100x80000000000000004282913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013787bef3339c9e2022-01-04 14:20:42.714root 11241100x80000000000000004282914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac2050af15a3c882022-01-04 14:20:42.714root 11241100x80000000000000004282915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f94474a6af3eaf2022-01-04 14:20:42.714root 11241100x80000000000000004282916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb86a4cf7b5e4372022-01-04 14:20:42.715root 11241100x80000000000000004282917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcdb4fb7592407b2022-01-04 14:20:42.715root 11241100x80000000000000004282918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7822aa809842c4c2022-01-04 14:20:42.715root 11241100x80000000000000004282919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a70131c356c46382022-01-04 14:20:42.715root 11241100x80000000000000004282920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5ea97248d0549f2022-01-04 14:20:42.715root 11241100x80000000000000004282921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f771d62a9c09b122022-01-04 14:20:42.715root 11241100x80000000000000004282922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b15bddca7ee5db2022-01-04 14:20:42.715root 11241100x80000000000000004282923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abce8dfe93725f22022-01-04 14:20:42.715root 11241100x80000000000000004282924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0399b3ba1394d0372022-01-04 14:20:42.715root 11241100x80000000000000004282925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3123cf2e61a64d4b2022-01-04 14:20:42.715root 11241100x80000000000000004282926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035c9f35a83081662022-01-04 14:20:42.715root 11241100x80000000000000004282927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981ffc55138ad20c2022-01-04 14:20:42.716root 11241100x80000000000000004282928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae73417e07321cf2022-01-04 14:20:42.716root 11241100x80000000000000004282929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7888f42226bde1eb2022-01-04 14:20:42.716root 11241100x80000000000000004282930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db61f562873778d2022-01-04 14:20:42.716root 11241100x80000000000000004282931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bcdf99954453712022-01-04 14:20:42.716root 11241100x80000000000000004282932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986598f464b378ef2022-01-04 14:20:42.716root 11241100x80000000000000004282933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4765c8c4b200c9152022-01-04 14:20:42.716root 11241100x80000000000000004282934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85c7bf43458ee7f2022-01-04 14:20:42.716root 11241100x80000000000000004282935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633b98ffa1d56dd12022-01-04 14:20:42.716root 11241100x80000000000000004282936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736902463a502bea2022-01-04 14:20:42.716root 11241100x80000000000000004282937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134527e5d0ba770b2022-01-04 14:20:42.716root 11241100x80000000000000004282938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52e5914bcc43ff62022-01-04 14:20:42.716root 11241100x80000000000000004282939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217c64885a524c432022-01-04 14:20:42.716root 11241100x80000000000000004282940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d914cc3de6cd61f2022-01-04 14:20:42.716root 11241100x80000000000000004282941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2ae8cf8a2a58cc2022-01-04 14:20:42.716root 11241100x80000000000000004282942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669fb77a2f24a6522022-01-04 14:20:42.716root 11241100x80000000000000004282943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a4a96e3033fecd2022-01-04 14:20:42.717root 11241100x80000000000000004282944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb7538d784daf572022-01-04 14:20:42.717root 11241100x80000000000000004282945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ea30070b6305ef2022-01-04 14:20:42.717root 11241100x80000000000000004282946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6315302c953d0e22022-01-04 14:20:42.717root 11241100x80000000000000004282947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c796e340a6b8ed32022-01-04 14:20:42.717root 11241100x80000000000000004282948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5969663ef43c1e3b2022-01-04 14:20:42.717root 11241100x80000000000000004282949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e81895d1a2dd5f2022-01-04 14:20:42.717root 11241100x80000000000000004282950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471b5cd8b20d7d492022-01-04 14:20:42.717root 11241100x80000000000000004282951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6389d6b0b000792022-01-04 14:20:42.717root 11241100x80000000000000004282952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706714f87dba4c072022-01-04 14:20:42.717root 11241100x80000000000000004282953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea878cdc77dbb752022-01-04 14:20:42.717root 11241100x80000000000000004282954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4b25a14b21dec22022-01-04 14:20:42.717root 11241100x80000000000000004282955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39c237ff594cb322022-01-04 14:20:42.717root 11241100x80000000000000004282956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199aeb0454f429bc2022-01-04 14:20:42.717root 11241100x80000000000000004282957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9139028f2141847d2022-01-04 14:20:42.717root 11241100x80000000000000004282958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26075c307a93c5c2022-01-04 14:20:42.718root 11241100x80000000000000004282959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcd45bcb833a0e72022-01-04 14:20:42.718root 11241100x80000000000000004282960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491538af302e80272022-01-04 14:20:42.718root 11241100x80000000000000004282961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ada8d2580a127042022-01-04 14:20:42.718root 11241100x80000000000000004282962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5598204047bae3092022-01-04 14:20:42.718root 11241100x80000000000000004282963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f98702ef6c3c57c2022-01-04 14:20:42.718root 11241100x80000000000000004282964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f6ee8392bc7f562022-01-04 14:20:42.718root 11241100x80000000000000004282965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7f248faedbf7ab2022-01-04 14:20:42.719root 11241100x80000000000000004282966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3e658b4b75487f2022-01-04 14:20:42.719root 11241100x80000000000000004282967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d22d32b1ac1a932022-01-04 14:20:42.719root 11241100x80000000000000004282968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725bda88ed8804422022-01-04 14:20:42.719root 11241100x80000000000000004282969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c339814f733ebb22022-01-04 14:20:42.719root 11241100x80000000000000004282970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1b5b7c6392eccb2022-01-04 14:20:42.719root 11241100x80000000000000004282971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f4b49ca2619ca52022-01-04 14:20:42.719root 11241100x80000000000000004282972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e088b68816ceed4a2022-01-04 14:20:42.719root 11241100x80000000000000004282973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f14da29373c722022-01-04 14:20:42.719root 11241100x80000000000000004282974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b70e74d8c1a4432022-01-04 14:20:42.720root 11241100x80000000000000004282975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7f01ec11a971152022-01-04 14:20:42.720root 11241100x80000000000000004282976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ed5b11a755dc3e2022-01-04 14:20:42.720root 11241100x80000000000000004282977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a911777d831cf69f2022-01-04 14:20:42.720root 11241100x80000000000000004282978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c0bdd2570c74a82022-01-04 14:20:42.720root 11241100x80000000000000004282979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.724{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0e680fde96d9222022-01-04 14:20:42.724root 11241100x80000000000000004282980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.724{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5079c48e30937fb22022-01-04 14:20:42.724root 11241100x80000000000000004282981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.724{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144a8eb715b825042022-01-04 14:20:42.724root 11241100x80000000000000004282982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a1f0a32bc3700f2022-01-04 14:20:42.725root 11241100x80000000000000004282983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97359236e4458c2a2022-01-04 14:20:42.725root 11241100x80000000000000004282984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dfe06057c492f42022-01-04 14:20:42.725root 11241100x80000000000000004282985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e1d46159a76d032022-01-04 14:20:42.725root 11241100x80000000000000004282986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826f30380f14cacf2022-01-04 14:20:42.725root 11241100x80000000000000004282987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f31ba1e1c62c832022-01-04 14:20:42.725root 11241100x80000000000000004282988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74afbfa13c62e7d72022-01-04 14:20:42.725root 11241100x80000000000000004282989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c387dc45b674c762022-01-04 14:20:42.725root 11241100x80000000000000004282990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b276474f305886912022-01-04 14:20:42.726root 11241100x80000000000000004282991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25925e0e4a75faa32022-01-04 14:20:42.726root 11241100x80000000000000004282992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb5549adbe7b2162022-01-04 14:20:42.726root 11241100x80000000000000004282993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111da5458ab0576b2022-01-04 14:20:42.726root 11241100x80000000000000004282994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbc82cf544203662022-01-04 14:20:42.726root 11241100x80000000000000004282995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f8d6c2281b2e8e2022-01-04 14:20:42.726root 11241100x80000000000000004282996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f60e320f4f37c12022-01-04 14:20:42.726root 11241100x80000000000000004282997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8695c36eb1e6aa2022-01-04 14:20:42.727root 11241100x80000000000000004282998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e0a6f39d210a2f2022-01-04 14:20:42.727root 11241100x80000000000000004282999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fec98e72c7989092022-01-04 14:20:42.727root 11241100x80000000000000004283000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add0646b31b74c0c2022-01-04 14:20:42.727root 11241100x80000000000000004283001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300dd41257471e622022-01-04 14:20:42.727root 11241100x80000000000000004283002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6c24007e2ffeef2022-01-04 14:20:42.727root 11241100x80000000000000004283003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a2e0ca8eaca4132022-01-04 14:20:42.728root 11241100x80000000000000004283004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56f7208eb3d7ab52022-01-04 14:20:42.728root 11241100x80000000000000004283005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323b7d4c4ea897212022-01-04 14:20:42.728root 11241100x80000000000000004283006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f213c086de4432f52022-01-04 14:20:42.728root 11241100x80000000000000004283007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a31871e81e14542022-01-04 14:20:42.728root 11241100x80000000000000004283008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.729{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf5727cdd43eb332022-01-04 14:20:42.729root 11241100x80000000000000004283009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.729{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc1905fe2435bf72022-01-04 14:20:42.729root 11241100x80000000000000004283010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.729{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae27c7ae2cdb20c12022-01-04 14:20:42.729root 11241100x80000000000000004283011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.729{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fff03f2798fdfef2022-01-04 14:20:42.729root 11241100x80000000000000004283012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.729{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb8636c790de5cf2022-01-04 14:20:42.729root 11241100x80000000000000004283013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.729{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb564f5a610352b62022-01-04 14:20:42.729root 11241100x80000000000000004283014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.729{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca235136a08158e22022-01-04 14:20:42.729root 11241100x80000000000000004283015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540df20f1ebf94462022-01-04 14:20:42.730root 11241100x80000000000000004283016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13a174390f563ec2022-01-04 14:20:42.730root 11241100x80000000000000004283017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a05f16a170b14e82022-01-04 14:20:42.730root 11241100x80000000000000004283018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2931f24aff2f08d72022-01-04 14:20:42.730root 11241100x80000000000000004283019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8a4a294d2a838b2022-01-04 14:20:42.730root 11241100x80000000000000004283020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095e8227c7a27b582022-01-04 14:20:42.730root 11241100x80000000000000004283021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa8cee02c56e38d2022-01-04 14:20:42.730root 11241100x80000000000000004283022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622f37d9aa89bc2f2022-01-04 14:20:42.731root 11241100x80000000000000004283023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dc2faa699bfd122022-01-04 14:20:42.731root 11241100x80000000000000004283024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de20a37654bac2fa2022-01-04 14:20:42.731root 11241100x80000000000000004283025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81de749ba50cf362022-01-04 14:20:42.731root 11241100x80000000000000004283026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e52be80eb48763f2022-01-04 14:20:42.731root 11241100x80000000000000004283027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fc172905c9d6a62022-01-04 14:20:42.732root 11241100x80000000000000004283028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c60f54a588f2db32022-01-04 14:20:42.732root 11241100x80000000000000004283029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd891b48d89364d92022-01-04 14:20:42.732root 11241100x80000000000000004283030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3741f0b0aafb2c502022-01-04 14:20:42.732root 11241100x80000000000000004283031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7c0210adb5a1152022-01-04 14:20:42.733root 11241100x80000000000000004283032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640992a2dcf1e76c2022-01-04 14:20:42.733root 11241100x80000000000000004283033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f79260f1fb1a072022-01-04 14:20:42.733root 11241100x80000000000000004283034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ca91b2f8dce4952022-01-04 14:20:42.733root 11241100x80000000000000004283035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461d8c3bb6dc4fbc2022-01-04 14:20:42.733root 11241100x80000000000000004283036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e690b2910fd59f2022-01-04 14:20:42.733root 11241100x80000000000000004283037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4d060173de39892022-01-04 14:20:42.733root 11241100x80000000000000004283038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9faaf24ca5b79652022-01-04 14:20:42.733root 11241100x80000000000000004283039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a324ed7dc31e722022-01-04 14:20:42.733root 11241100x80000000000000004283040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.733{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6aab96970e30232022-01-04 14:20:42.733root 11241100x80000000000000004283041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c276bbbcd143ab92022-01-04 14:20:42.734root 11241100x80000000000000004283042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3eaa038179e8ae2022-01-04 14:20:42.734root 11241100x80000000000000004283043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573129a49ea77ded2022-01-04 14:20:42.734root 11241100x80000000000000004283044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ca4d8593e9e8bc2022-01-04 14:20:42.734root 11241100x80000000000000004283045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be61d453534318d2022-01-04 14:20:42.734root 11241100x80000000000000004283046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42fabf522e1fe462022-01-04 14:20:42.734root 11241100x80000000000000004283047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0029bf3b53b377d72022-01-04 14:20:42.734root 11241100x80000000000000004283048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f83e88543c83562022-01-04 14:20:42.734root 11241100x80000000000000004283049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9151f38cb85895872022-01-04 14:20:42.734root 11241100x80000000000000004283050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8c5b68e0f2a4fa2022-01-04 14:20:42.734root 11241100x80000000000000004283051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff36a067a7ce7b2c2022-01-04 14:20:42.734root 11241100x80000000000000004283052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.734{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9693790bb8a5b5b12022-01-04 14:20:42.734root 11241100x80000000000000004283053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed57c539a4a98a42022-01-04 14:20:42.735root 11241100x80000000000000004283054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0dbdf71f18539a2022-01-04 14:20:42.735root 11241100x80000000000000004283055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f05172db20c1312022-01-04 14:20:42.735root 11241100x80000000000000004283056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e9bd563ea1de6f2022-01-04 14:20:42.735root 11241100x80000000000000004283057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548dd21c32ee67342022-01-04 14:20:42.735root 11241100x80000000000000004283058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3c9c3ce6102dc2022-01-04 14:20:42.735root 11241100x80000000000000004283059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890f749fd0acc70c2022-01-04 14:20:42.735root 11241100x80000000000000004283060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac92c5c4a72aa012022-01-04 14:20:42.735root 11241100x80000000000000004283061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa272cf236b613e72022-01-04 14:20:42.735root 11241100x80000000000000004283062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd2b66200e5882e2022-01-04 14:20:42.735root 11241100x80000000000000004283063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.735{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290521f697219ce62022-01-04 14:20:42.735root 11241100x80000000000000004283064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.736{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a9342c3b7f45432022-01-04 14:20:42.736root 11241100x80000000000000004283065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.736{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f43d91157cb76e2022-01-04 14:20:42.736root 11241100x80000000000000004283066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.736{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a32a1ca1310f7902022-01-04 14:20:42.736root 11241100x80000000000000004283067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.736{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c269963adfa719fc2022-01-04 14:20:42.736root 11241100x80000000000000004283068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.736{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922fab0ad157583d2022-01-04 14:20:42.736root 11241100x80000000000000004283069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.737{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86125d2a8d3382c42022-01-04 14:20:42.737root 11241100x80000000000000004283070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.737{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abff2e2da91974f62022-01-04 14:20:42.737root 11241100x80000000000000004283071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.737{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e232ea1c2699dab2022-01-04 14:20:42.737root 11241100x80000000000000004283072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.737{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1093054d3c44f01f2022-01-04 14:20:42.737root 11241100x80000000000000004283073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.737{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6389e7801124932022-01-04 14:20:42.737root 11241100x80000000000000004283074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.737{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5841017b5593bd262022-01-04 14:20:42.737root 11241100x80000000000000004283075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.737{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd701dfafb080fe2022-01-04 14:20:42.737root 11241100x80000000000000004283076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.738{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53a8a5d0dca24eb2022-01-04 14:20:42.738root 11241100x80000000000000004283077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.738{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0484a0bc576b74902022-01-04 14:20:42.738root 11241100x80000000000000004283078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.738{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce2bd695cfda5542022-01-04 14:20:42.738root 11241100x80000000000000004283079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.738{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300870279ec6fa1d2022-01-04 14:20:42.738root 11241100x80000000000000004283080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.738{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcf5c62f5ccb4be2022-01-04 14:20:42.738root 11241100x80000000000000004283081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.738{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd521afb909ac4ca2022-01-04 14:20:42.738root 11241100x80000000000000004283082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.738{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db0c9e2d2110e632022-01-04 14:20:42.738root 11241100x80000000000000004283083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.738{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aff2847265b7df2022-01-04 14:20:42.738root 11241100x80000000000000004283084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.739{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f48a49691d15342022-01-04 14:20:42.739root 11241100x80000000000000004283085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.739{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a05318961d4f8e92022-01-04 14:20:42.739root 11241100x80000000000000004283086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.739{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29008553a4912822022-01-04 14:20:42.739root 11241100x80000000000000004283087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.739{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d63a43a6c442f22022-01-04 14:20:42.739root 11241100x80000000000000004283088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.739{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d54f06492983cca2022-01-04 14:20:42.739root 11241100x80000000000000004283089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.740{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bc8fcaa0d70e7f2022-01-04 14:20:42.740root 11241100x80000000000000004283090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.740{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7d2d54be3118c82022-01-04 14:20:42.740root 11241100x80000000000000004283091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.740{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0a703bad6445e52022-01-04 14:20:42.740root 11241100x80000000000000004283092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.740{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8082fbbb19b46c7b2022-01-04 14:20:42.740root 11241100x80000000000000004283093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.740{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b396f2a4bf99d772022-01-04 14:20:42.740root 11241100x80000000000000004283094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.741{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b9a10572b94da42022-01-04 14:20:42.741root 11241100x80000000000000004283095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.741{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff48e85004eace72022-01-04 14:20:42.741root 11241100x80000000000000004283096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.742{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93158b72d79392892022-01-04 14:20:42.742root 11241100x80000000000000004283097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.742{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7d132f4d9e79722022-01-04 14:20:42.742root 11241100x80000000000000004283098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.742{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad214668022640bf2022-01-04 14:20:42.742root 11241100x80000000000000004283099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.742{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b008bbaaa34833a2022-01-04 14:20:42.742root 11241100x80000000000000004283100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.742{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d037f8e6aa190652022-01-04 14:20:42.742root 11241100x80000000000000004283101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.742{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb6aad99868d31d2022-01-04 14:20:42.742root 11241100x80000000000000004283102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.743{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40491909d2ad4ef92022-01-04 14:20:42.743root 11241100x80000000000000004283103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.743{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc897db31d8f4262022-01-04 14:20:42.743root 11241100x80000000000000004283104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.743{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9949483bc45d9072022-01-04 14:20:42.743root 11241100x80000000000000004283105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.743{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d91b8e4fc4b2cc2022-01-04 14:20:42.743root 11241100x80000000000000004283106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.743{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fce58e32ed9c97c2022-01-04 14:20:42.743root 11241100x80000000000000004283107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.743{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d13e45fb7243dca2022-01-04 14:20:42.743root 11241100x80000000000000004283108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.743{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85427ff6a84f85812022-01-04 14:20:42.743root 11241100x80000000000000004283109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.743{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ef4b03dee37acd2022-01-04 14:20:42.743root 11241100x80000000000000004283110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.744{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1804cbcbcd62bc852022-01-04 14:20:42.744root 11241100x80000000000000004283111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.744{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03131e11fa2f3772022-01-04 14:20:42.744root 11241100x80000000000000004283112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.744{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1dc8400467dc8c2022-01-04 14:20:42.744root 11241100x80000000000000004283113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.744{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c731a9c8d9f037b2022-01-04 14:20:42.744root 11241100x80000000000000004283114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.744{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ae0818d4d8f61f2022-01-04 14:20:42.744root 11241100x80000000000000004283115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.744{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb31e2d8d80e485d2022-01-04 14:20:42.744root 11241100x80000000000000004283116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.744{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2095728678988d4a2022-01-04 14:20:42.744root 11241100x80000000000000004283117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.745{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40560598dc4851cd2022-01-04 14:20:42.745root 11241100x80000000000000004283118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.745{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61813dc0698840792022-01-04 14:20:42.745root 11241100x80000000000000004283119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.745{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6865356d2b3490602022-01-04 14:20:42.745root 11241100x80000000000000004283120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.745{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a884dbd0dfeb092022-01-04 14:20:42.745root 11241100x80000000000000004283121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:42.745{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01adfdfbdbe6671e2022-01-04 14:20:42.745root 11241100x80000000000000004283122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a765bd42db0df72022-01-04 14:20:43.209root 11241100x80000000000000004283123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412842bd9391bf2f2022-01-04 14:20:43.209root 11241100x80000000000000004283124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f36c4b7104e1632022-01-04 14:20:43.209root 11241100x80000000000000004283125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c33e543749343312022-01-04 14:20:43.209root 11241100x80000000000000004283126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cae31b286c68ec32022-01-04 14:20:43.210root 11241100x80000000000000004283127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68656857d8cead6a2022-01-04 14:20:43.210root 11241100x80000000000000004283128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cc63ac4584af4a2022-01-04 14:20:43.210root 11241100x80000000000000004283129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d0d2f2ee3a36582022-01-04 14:20:43.210root 11241100x80000000000000004283130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa875eae2c143ac52022-01-04 14:20:43.210root 11241100x80000000000000004283131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50290cc89a64195a2022-01-04 14:20:43.210root 11241100x80000000000000004283132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18004f2e81dba9742022-01-04 14:20:43.210root 11241100x80000000000000004283133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd4e544d32cc8292022-01-04 14:20:43.211root 11241100x80000000000000004283134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59c7bb61b5e44902022-01-04 14:20:43.211root 11241100x80000000000000004283135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57854e033d311a52022-01-04 14:20:43.211root 11241100x80000000000000004283136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0a8b5c0ea9ef5b2022-01-04 14:20:43.211root 11241100x80000000000000004283137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bd586b8a8c1e912022-01-04 14:20:43.211root 11241100x80000000000000004283138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0939be5429407b2022-01-04 14:20:43.211root 11241100x80000000000000004283139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657377055aed7a152022-01-04 14:20:43.212root 11241100x80000000000000004283140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fb66c73b8bcff62022-01-04 14:20:43.212root 11241100x80000000000000004283141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14828a1790f3136a2022-01-04 14:20:43.212root 11241100x80000000000000004283142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1912a7158bafeb612022-01-04 14:20:43.212root 11241100x80000000000000004283143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc00d8a1c28afb1a2022-01-04 14:20:43.212root 11241100x80000000000000004283144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6688ab4f6dd8794d2022-01-04 14:20:43.212root 11241100x80000000000000004283145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd12623974d8e2cd2022-01-04 14:20:43.212root 11241100x80000000000000004283146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c55f20d4a836922022-01-04 14:20:43.213root 11241100x80000000000000004283147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a864e9fb2f4e78ff2022-01-04 14:20:43.213root 11241100x80000000000000004283148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bdee867cab1c022022-01-04 14:20:43.213root 11241100x80000000000000004283149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486062c690a3adff2022-01-04 14:20:43.213root 11241100x80000000000000004283150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cc1e843f0df41a2022-01-04 14:20:43.215root 11241100x80000000000000004283151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3ecf67e711bd842022-01-04 14:20:43.215root 11241100x80000000000000004283152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d457063dbbc481402022-01-04 14:20:43.215root 11241100x80000000000000004283153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd83dfcb107b19fb2022-01-04 14:20:43.216root 11241100x80000000000000004283154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dad9d9b1b065242022-01-04 14:20:43.216root 11241100x80000000000000004283155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97dd7a3854cfaf22022-01-04 14:20:43.216root 11241100x80000000000000004283156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58079f7ce0dea3262022-01-04 14:20:43.216root 11241100x80000000000000004283157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c2e9b7217794482022-01-04 14:20:43.216root 11241100x80000000000000004283158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa7671be0348c442022-01-04 14:20:43.216root 11241100x80000000000000004283159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9723a6b1a7fbfb2022-01-04 14:20:43.217root 11241100x80000000000000004283160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f30ec6aef3756632022-01-04 14:20:43.217root 11241100x80000000000000004283161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a26a30768e4ed92022-01-04 14:20:43.217root 11241100x80000000000000004283162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58990fcf984b9d02022-01-04 14:20:43.217root 11241100x80000000000000004283163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ea68dc435aa7692022-01-04 14:20:43.217root 11241100x80000000000000004283164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f736769a8e510de2022-01-04 14:20:43.217root 11241100x80000000000000004283165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd8f0dc937bd5ef2022-01-04 14:20:43.217root 11241100x80000000000000004283166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99813f2df1ba882b2022-01-04 14:20:43.217root 11241100x80000000000000004283167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d833e654a97333c2022-01-04 14:20:43.218root 11241100x80000000000000004283168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2898b7301b3447472022-01-04 14:20:43.218root 11241100x80000000000000004283169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9700c81eede977d2022-01-04 14:20:43.218root 11241100x80000000000000004283170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3047ef928f74185c2022-01-04 14:20:43.218root 11241100x80000000000000004283171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a04ec0aee686d862022-01-04 14:20:43.218root 11241100x80000000000000004283172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c91dc927a761ddd2022-01-04 14:20:43.218root 11241100x80000000000000004283173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ba605dc764d3532022-01-04 14:20:43.218root 11241100x80000000000000004283174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318277ddc441ad2e2022-01-04 14:20:43.218root 11241100x80000000000000004283175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678b6c0cc460edf12022-01-04 14:20:43.218root 11241100x80000000000000004283176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c50e965ae0a5112022-01-04 14:20:43.219root 11241100x80000000000000004283177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae929dc36742772022-01-04 14:20:43.219root 11241100x80000000000000004283178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6efc0d63fc42d162022-01-04 14:20:43.219root 11241100x80000000000000004283179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f20dd7a6b71846b2022-01-04 14:20:43.219root 11241100x80000000000000004283180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc91bcec8ec7acf2022-01-04 14:20:43.219root 11241100x80000000000000004283181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d943ee7d663a27432022-01-04 14:20:43.220root 11241100x80000000000000004283182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0317fb53c982a56d2022-01-04 14:20:43.220root 11241100x80000000000000004283183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18494353f13790732022-01-04 14:20:43.220root 11241100x80000000000000004283184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f79addb916a6b92022-01-04 14:20:43.220root 11241100x80000000000000004283185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e72572f59ca3f282022-01-04 14:20:43.220root 11241100x80000000000000004283186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10483e7c182b9482022-01-04 14:20:43.220root 11241100x80000000000000004283187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90301062286938c92022-01-04 14:20:43.220root 11241100x80000000000000004283188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc4dbed0f5b930f2022-01-04 14:20:43.221root 11241100x80000000000000004283189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b117a4394ae5f1ab2022-01-04 14:20:43.221root 11241100x80000000000000004283190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1035a46969edc62022-01-04 14:20:43.221root 11241100x80000000000000004283191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8851dd3613892442022-01-04 14:20:43.221root 11241100x80000000000000004283192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4d4de82b3e43ff2022-01-04 14:20:43.221root 11241100x80000000000000004283193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4050955013c003982022-01-04 14:20:43.221root 11241100x80000000000000004283194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d28c4a7ec2ab6ce2022-01-04 14:20:43.221root 11241100x80000000000000004283195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cebc2c5b77659cf2022-01-04 14:20:43.221root 11241100x80000000000000004283196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838462637a3bf1042022-01-04 14:20:43.221root 11241100x80000000000000004283197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd64f05b42d161e2022-01-04 14:20:43.222root 11241100x80000000000000004283198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f9b971db9731442022-01-04 14:20:43.222root 11241100x80000000000000004283199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b824f1cd18b6792022-01-04 14:20:43.223root 11241100x80000000000000004283200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318b6c16d763e0512022-01-04 14:20:43.223root 11241100x80000000000000004283201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901c0e8be737c4d52022-01-04 14:20:43.223root 11241100x80000000000000004283202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024436ad48c020b52022-01-04 14:20:43.223root 11241100x80000000000000004283203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3a10a0b465e9712022-01-04 14:20:43.223root 11241100x80000000000000004283204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16e477853c978b52022-01-04 14:20:43.223root 11241100x80000000000000004283205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4464e0e181d8892022-01-04 14:20:43.223root 11241100x80000000000000004283206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22c3810fdb491a2022-01-04 14:20:43.224root 11241100x80000000000000004283207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65a9e01a9f627812022-01-04 14:20:43.224root 11241100x80000000000000004283208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8c18d43bd3913c2022-01-04 14:20:43.224root 11241100x80000000000000004283209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e898eee2faf48e2022-01-04 14:20:43.224root 11241100x80000000000000004283210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302e71bae4ca409d2022-01-04 14:20:43.224root 11241100x80000000000000004283211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33568e9e8489b7362022-01-04 14:20:43.225root 11241100x80000000000000004283212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29906bb7d7cda582022-01-04 14:20:43.225root 11241100x80000000000000004283213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8dd6db8980f6cd2022-01-04 14:20:43.225root 11241100x80000000000000004283214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a69389e241f31272022-01-04 14:20:43.225root 11241100x80000000000000004283215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a746f5b87ab28e852022-01-04 14:20:43.225root 11241100x80000000000000004283216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da50a036cb8eae282022-01-04 14:20:43.225root 11241100x80000000000000004283217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b0a8c6715b22362022-01-04 14:20:43.225root 11241100x80000000000000004283218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1685e11fb8246bc32022-01-04 14:20:43.225root 11241100x80000000000000004283219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306921db214fbffe2022-01-04 14:20:43.225root 11241100x80000000000000004283220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d11f4ba247580b2022-01-04 14:20:43.225root 11241100x80000000000000004283221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c62cd8715580c52022-01-04 14:20:43.225root 11241100x80000000000000004283222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0370b933798a0112022-01-04 14:20:43.226root 11241100x80000000000000004283223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50e49c6c536783e2022-01-04 14:20:43.226root 11241100x80000000000000004283224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b37dfc3c0260f12022-01-04 14:20:43.226root 11241100x80000000000000004283225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51bfcd634b3f6a12022-01-04 14:20:43.226root 11241100x80000000000000004283226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591d0c9485c220b12022-01-04 14:20:43.226root 11241100x80000000000000004283227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d932d632b4e6fe802022-01-04 14:20:43.226root 11241100x80000000000000004283228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acda9a731b001bb2022-01-04 14:20:43.226root 11241100x80000000000000004283229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20359a5a0b957912022-01-04 14:20:43.226root 11241100x80000000000000004283230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d0c2e8e078d6372022-01-04 14:20:43.226root 11241100x80000000000000004283231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458aa872e51a11712022-01-04 14:20:43.226root 11241100x80000000000000004283232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c89bd26988785492022-01-04 14:20:43.226root 11241100x80000000000000004283233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5bce1b24542bfe2022-01-04 14:20:43.226root 11241100x80000000000000004283234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c645d0ffc1bc222022-01-04 14:20:43.226root 11241100x80000000000000004283235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e612be8cdfbb2ae52022-01-04 14:20:43.226root 11241100x80000000000000004283236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ba6454fdd95352022-01-04 14:20:43.226root 11241100x80000000000000004283237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296db8bde3a2a49c2022-01-04 14:20:43.227root 11241100x80000000000000004283238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e25292c358495332022-01-04 14:20:43.227root 11241100x80000000000000004283239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24199c5f51aaa61e2022-01-04 14:20:43.227root 11241100x80000000000000004283240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83693c3319408b872022-01-04 14:20:43.227root 11241100x80000000000000004283241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228e9ccc5e5242732022-01-04 14:20:43.227root 11241100x80000000000000004283242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dabec3d0e4f22362022-01-04 14:20:43.227root 11241100x80000000000000004283243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb31280ccf9feca42022-01-04 14:20:43.227root 11241100x80000000000000004283244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe20a4000e07d9632022-01-04 14:20:43.227root 11241100x80000000000000004283245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f45bef01f44dab2022-01-04 14:20:43.227root 11241100x80000000000000004283246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff1de57eaa5559c2022-01-04 14:20:43.227root 11241100x80000000000000004283247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71aa5732e4091de32022-01-04 14:20:43.227root 11241100x80000000000000004283248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebee7e04488450d2022-01-04 14:20:43.227root 11241100x80000000000000004283249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73bc4c65d01d8a32022-01-04 14:20:43.227root 11241100x80000000000000004283250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de589a990d87e3522022-01-04 14:20:43.227root 11241100x80000000000000004283251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4f8d0ada4c7ebb2022-01-04 14:20:43.228root 11241100x80000000000000004283252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec9e077975218142022-01-04 14:20:43.229root 11241100x80000000000000004283253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf7272f02e59d9f2022-01-04 14:20:43.229root 11241100x80000000000000004283254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1127367cb5c444a2022-01-04 14:20:43.229root 11241100x80000000000000004283255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956f216531769c6f2022-01-04 14:20:43.229root 11241100x80000000000000004283256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c32b8ad5c4569972022-01-04 14:20:43.229root 11241100x80000000000000004283257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d29fb032896cb22022-01-04 14:20:43.229root 11241100x80000000000000004283258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4ee9739bb426f22022-01-04 14:20:43.229root 11241100x80000000000000004283259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054bf2b847ca31062022-01-04 14:20:43.230root 11241100x80000000000000004283260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee2b8b69c9581af2022-01-04 14:20:43.230root 11241100x80000000000000004283261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2823fee92b707f102022-01-04 14:20:43.230root 11241100x80000000000000004283262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259697220d34306a2022-01-04 14:20:43.230root 11241100x80000000000000004283263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6736597cbd7c9f392022-01-04 14:20:43.231root 11241100x80000000000000004283264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f097bfdcf663002022-01-04 14:20:43.231root 11241100x80000000000000004283265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bb6c2f100e5ebb2022-01-04 14:20:43.231root 11241100x80000000000000004283266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e950b6e3a96c78d62022-01-04 14:20:43.231root 11241100x80000000000000004283267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098ec9f8e35a7bc92022-01-04 14:20:43.231root 11241100x80000000000000004283268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a30d2959bfb78f72022-01-04 14:20:43.231root 11241100x80000000000000004283269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f501af4900063a8c2022-01-04 14:20:43.231root 11241100x80000000000000004283270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22bd34b918c502c2022-01-04 14:20:43.231root 11241100x80000000000000004283271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a211d816ff84e992022-01-04 14:20:43.231root 11241100x80000000000000004283272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e610768cf6f9b292022-01-04 14:20:43.231root 11241100x80000000000000004283273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec26440378462aec2022-01-04 14:20:43.232root 11241100x80000000000000004283274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bdb6e80fb1de142022-01-04 14:20:43.232root 11241100x80000000000000004283275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18755e1c3e4edca2022-01-04 14:20:43.232root 11241100x80000000000000004283276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a7da2eff4f5c4d2022-01-04 14:20:43.232root 11241100x80000000000000004283277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fb78a690c7f90c2022-01-04 14:20:43.232root 11241100x80000000000000004283278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2f614a9e8fffa62022-01-04 14:20:43.232root 11241100x80000000000000004283279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8402b7594d14fa52022-01-04 14:20:43.232root 11241100x80000000000000004283280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a31506342de4be2022-01-04 14:20:43.232root 11241100x80000000000000004283281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879a1509d8d699152022-01-04 14:20:43.233root 11241100x80000000000000004283282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bf25ede5aeb3652022-01-04 14:20:43.233root 11241100x80000000000000004283283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b746e25059077592022-01-04 14:20:43.233root 11241100x80000000000000004283284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f0daece149c25e2022-01-04 14:20:43.233root 11241100x80000000000000004283285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88441664ba61998c2022-01-04 14:20:43.233root 11241100x80000000000000004283286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e411c8e0f2a7f132022-01-04 14:20:43.233root 11241100x80000000000000004283287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1644881696c695822022-01-04 14:20:43.233root 11241100x80000000000000004283288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448d12b1aa94db9f2022-01-04 14:20:43.233root 11241100x80000000000000004283289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d5309e7ecae45a2022-01-04 14:20:43.233root 11241100x80000000000000004283290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403dcf8ddccbab302022-01-04 14:20:43.233root 11241100x80000000000000004283291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8addc0df93c3b32022-01-04 14:20:43.234root 11241100x80000000000000004283292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583cd5fff107fb4b2022-01-04 14:20:43.234root 11241100x80000000000000004283293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b5fd87118c9f662022-01-04 14:20:43.234root 11241100x80000000000000004283294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c8a7351b9dbde52022-01-04 14:20:43.234root 11241100x80000000000000004283295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330e34ca17afcddf2022-01-04 14:20:43.234root 11241100x80000000000000004283296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef64e704a9db9b742022-01-04 14:20:43.234root 11241100x80000000000000004283297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42755de32a197b962022-01-04 14:20:43.234root 11241100x80000000000000004283298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6889f3f217841d62022-01-04 14:20:43.234root 11241100x80000000000000004283299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d482c5ae39f7f142022-01-04 14:20:43.234root 11241100x80000000000000004283300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fdd2aae887f6ef2022-01-04 14:20:43.234root 11241100x80000000000000004283301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b8a509f4116f6c2022-01-04 14:20:43.234root 11241100x80000000000000004283302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8f70c14c70ee642022-01-04 14:20:43.234root 11241100x80000000000000004283303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b6f391e3af32952022-01-04 14:20:43.234root 11241100x80000000000000004283304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea68a741cb762232022-01-04 14:20:43.234root 11241100x80000000000000004283305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bf3ec2e2a8e81e2022-01-04 14:20:43.234root 11241100x80000000000000004283306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dc9e955668a9442022-01-04 14:20:43.235root 11241100x80000000000000004283307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7053f7700429fbed2022-01-04 14:20:43.235root 11241100x80000000000000004283308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c328c0020bc33052022-01-04 14:20:43.235root 11241100x80000000000000004283309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f6ee6af8cbb13e2022-01-04 14:20:43.235root 11241100x80000000000000004283310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d6f07692399e5b2022-01-04 14:20:43.235root 11241100x80000000000000004283311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8212a139b046e6732022-01-04 14:20:43.235root 11241100x80000000000000004283312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b527d5c17b9ccf2b2022-01-04 14:20:43.235root 11241100x80000000000000004283313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4174dfbc3c428b6e2022-01-04 14:20:43.235root 11241100x80000000000000004283314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f2707f0eefc3c32022-01-04 14:20:43.235root 11241100x80000000000000004283315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed25f53a695b652022-01-04 14:20:43.235root 11241100x80000000000000004283316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aa0b6ef2c802b42022-01-04 14:20:43.235root 11241100x80000000000000004283317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f2e78792a475e12022-01-04 14:20:43.235root 11241100x80000000000000004283318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b5c82fe8b87dab2022-01-04 14:20:43.235root 11241100x80000000000000004283319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f8624a55c2df9c2022-01-04 14:20:43.235root 11241100x80000000000000004283320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc291c0fb7bf382022-01-04 14:20:43.235root 11241100x80000000000000004283321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055eaa733ed8f16f2022-01-04 14:20:43.236root 11241100x80000000000000004283322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03020cc097fce39e2022-01-04 14:20:43.236root 11241100x80000000000000004283323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aa8dd83ffff5f22022-01-04 14:20:43.236root 11241100x80000000000000004283324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354b917f8a28af4e2022-01-04 14:20:43.236root 11241100x80000000000000004283325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272408b0540a9fd82022-01-04 14:20:43.236root 11241100x80000000000000004283326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac52dd5ff5ed7672022-01-04 14:20:43.238root 11241100x80000000000000004283327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0560700a9b35832022-01-04 14:20:43.238root 11241100x80000000000000004283328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27a219f72e9f3c22022-01-04 14:20:43.238root 11241100x80000000000000004283329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b10a631b6ecb3d2022-01-04 14:20:43.238root 11241100x80000000000000004283330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9747b37c4539522022-01-04 14:20:43.238root 11241100x80000000000000004283331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c0ccc98d7ca76d2022-01-04 14:20:43.238root 11241100x80000000000000004283332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa489598004bf7522022-01-04 14:20:43.238root 11241100x80000000000000004283333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee4104bba7859c52022-01-04 14:20:43.239root 11241100x80000000000000004283334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64da5bfd8aceb5ad2022-01-04 14:20:43.239root 11241100x80000000000000004283335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1b9a6c176fa9ac2022-01-04 14:20:43.239root 11241100x80000000000000004283336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d20e39fef4a569d2022-01-04 14:20:43.239root 11241100x80000000000000004283337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3728000d86e21f2022-01-04 14:20:43.239root 11241100x80000000000000004283338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04df80296c91a45f2022-01-04 14:20:43.239root 11241100x80000000000000004283339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c09fcf998404f792022-01-04 14:20:43.239root 11241100x80000000000000004283340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60e2c401ed801a2022-01-04 14:20:43.239root 11241100x80000000000000004283341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb81b10f3362f1d2022-01-04 14:20:43.239root 11241100x80000000000000004283342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913c9f8c04857bd62022-01-04 14:20:43.239root 11241100x80000000000000004283343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d43300f898913f2022-01-04 14:20:43.239root 11241100x80000000000000004283344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbbd358e8e1964c2022-01-04 14:20:43.239root 11241100x80000000000000004283345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8193dbef2f70e9fb2022-01-04 14:20:43.239root 11241100x80000000000000004283346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e6938931fb68f62022-01-04 14:20:43.239root 11241100x80000000000000004283347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408a68be46b1d5302022-01-04 14:20:43.239root 11241100x80000000000000004283348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b5885a7249d3e52022-01-04 14:20:43.240root 11241100x80000000000000004283349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d340e281a0be66fc2022-01-04 14:20:43.240root 11241100x80000000000000004283350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3300560f36af5bcb2022-01-04 14:20:43.240root 11241100x80000000000000004283351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad80527933f344c2022-01-04 14:20:43.240root 11241100x80000000000000004283352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bafeed25a67dca62022-01-04 14:20:43.240root 11241100x80000000000000004283353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74254c7b8e0c9af02022-01-04 14:20:43.240root 11241100x80000000000000004283354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea55f45b6e4cf12022-01-04 14:20:43.240root 11241100x80000000000000004283355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f831e7e858b7d99a2022-01-04 14:20:43.240root 11241100x80000000000000004283356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66324d7eb2e5be92022-01-04 14:20:43.240root 11241100x80000000000000004283357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d527062d54563b982022-01-04 14:20:43.240root 11241100x80000000000000004283358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab58372b0318517e2022-01-04 14:20:43.240root 11241100x80000000000000004283359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26872690e0373042022-01-04 14:20:43.240root 11241100x80000000000000004283360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bc8a6afe27ddbc2022-01-04 14:20:43.240root 11241100x80000000000000004283361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568cc2e0a84b92cb2022-01-04 14:20:43.240root 11241100x80000000000000004283362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a6ae16c27969cf2022-01-04 14:20:43.241root 11241100x80000000000000004283363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d1ac3092e5ff102022-01-04 14:20:43.241root 11241100x80000000000000004283364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b003e330f8dd2bb22022-01-04 14:20:43.241root 11241100x80000000000000004283365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32c19b6d056df342022-01-04 14:20:43.241root 11241100x80000000000000004283366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.243{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45a0c214f90e6612022-01-04 14:20:43.243root 11241100x80000000000000004283367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff7ce102e9920c82022-01-04 14:20:43.244root 11241100x80000000000000004283368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b695216247c7022022-01-04 14:20:43.244root 11241100x80000000000000004283369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378d094d1367940a2022-01-04 14:20:43.244root 11241100x80000000000000004283370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026bd7e5a40c235a2022-01-04 14:20:43.244root 11241100x80000000000000004283371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c739c5cd98d2ca0c2022-01-04 14:20:43.244root 11241100x80000000000000004283372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9413986ffd7fad5e2022-01-04 14:20:43.244root 11241100x80000000000000004283373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f56790e45b50ff02022-01-04 14:20:43.244root 11241100x80000000000000004283374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0d8cdfee20507c2022-01-04 14:20:43.244root 11241100x80000000000000004283375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76792908ce682cf2022-01-04 14:20:43.244root 11241100x80000000000000004283376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e107b5885ebfe5302022-01-04 14:20:43.244root 11241100x80000000000000004283377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf7b2378cfa48652022-01-04 14:20:43.244root 11241100x80000000000000004283378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a0e55a36f5a1232022-01-04 14:20:43.244root 11241100x80000000000000004283379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23e6872407cb1e62022-01-04 14:20:43.244root 11241100x80000000000000004283380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.244{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83dfa14de3fc0fd2022-01-04 14:20:43.244root 11241100x80000000000000004283381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a34f2cf259a7182022-01-04 14:20:43.245root 11241100x80000000000000004283382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2bd0e7c93a6e7f2022-01-04 14:20:43.245root 11241100x80000000000000004283383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ecb0618dce93cd2022-01-04 14:20:43.245root 11241100x80000000000000004283384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828e3ad175d94bf52022-01-04 14:20:43.245root 11241100x80000000000000004283385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e8b5e30926123a2022-01-04 14:20:43.245root 11241100x80000000000000004283386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2717ed8dd74e522022-01-04 14:20:43.245root 11241100x80000000000000004283387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdc2a33a5b4d0cf2022-01-04 14:20:43.245root 11241100x80000000000000004283388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8d5bd5fed92cc02022-01-04 14:20:43.245root 11241100x80000000000000004283389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cba98a49e178d202022-01-04 14:20:43.245root 11241100x80000000000000004283390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821ce9fbccb3cbbe2022-01-04 14:20:43.245root 11241100x80000000000000004283391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e0edebd11d35d02022-01-04 14:20:43.245root 11241100x80000000000000004283392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27660f090efc20ce2022-01-04 14:20:43.245root 11241100x80000000000000004283393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6189fe768d227d12022-01-04 14:20:43.245root 11241100x80000000000000004283394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.245{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a0027aab73a3892022-01-04 14:20:43.245root 11241100x80000000000000004283395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1520fdcb1072100d2022-01-04 14:20:43.246root 11241100x80000000000000004283396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74f45d6c603f8de2022-01-04 14:20:43.246root 11241100x80000000000000004283397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10c69708f6756a92022-01-04 14:20:43.246root 11241100x80000000000000004283398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ffafda5faf14692022-01-04 14:20:43.246root 11241100x80000000000000004283399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6049bbb83b4dc22022-01-04 14:20:43.246root 11241100x80000000000000004283400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a646e198dd6eb4aa2022-01-04 14:20:43.246root 11241100x80000000000000004283401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59070e9287518de02022-01-04 14:20:43.246root 11241100x80000000000000004283402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07f2005bcf708702022-01-04 14:20:43.246root 11241100x80000000000000004283403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af20af3e62938132022-01-04 14:20:43.246root 11241100x80000000000000004283404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced597a36782d3622022-01-04 14:20:43.246root 11241100x80000000000000004283405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dadd22785ff8f922022-01-04 14:20:43.246root 11241100x80000000000000004283406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3b04b6b08a4ee32022-01-04 14:20:43.246root 11241100x80000000000000004283407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a04d03148a7a232022-01-04 14:20:43.248root 11241100x80000000000000004283408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5766f52192a788872022-01-04 14:20:43.249root 11241100x80000000000000004283409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e21214371791d92022-01-04 14:20:43.249root 11241100x80000000000000004283410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8962628747144da2022-01-04 14:20:43.249root 11241100x80000000000000004283411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9c58bab5688cae2022-01-04 14:20:43.249root 11241100x80000000000000004283412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c04a194700c02162022-01-04 14:20:43.249root 11241100x80000000000000004283413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8943edf1c86a97f2022-01-04 14:20:43.249root 11241100x80000000000000004283414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b832265b0f64e22022-01-04 14:20:43.249root 11241100x80000000000000004283415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca27dae5169aca62022-01-04 14:20:43.249root 11241100x80000000000000004283416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8a891d388fc53c2022-01-04 14:20:43.249root 11241100x80000000000000004283417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0dbbd4948fde732022-01-04 14:20:43.249root 11241100x80000000000000004283418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027683939c11d8032022-01-04 14:20:43.249root 11241100x80000000000000004283419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ed85387cfade1a2022-01-04 14:20:43.249root 11241100x80000000000000004283420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b0e284334da6be2022-01-04 14:20:43.249root 11241100x80000000000000004283421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.249{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4f7f0f074670122022-01-04 14:20:43.249root 11241100x80000000000000004283422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5cfa562fbb7dcb2022-01-04 14:20:43.250root 11241100x80000000000000004283423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999d46fe5e5faa9a2022-01-04 14:20:43.250root 11241100x80000000000000004283424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba5476e9928ec372022-01-04 14:20:43.250root 11241100x80000000000000004283425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1542a60473bf512022-01-04 14:20:43.250root 11241100x80000000000000004283426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04aba7612a35834f2022-01-04 14:20:43.250root 11241100x80000000000000004283427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2d710300d428472022-01-04 14:20:43.250root 11241100x80000000000000004283428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd6325a11ba10c82022-01-04 14:20:43.250root 11241100x80000000000000004283429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cae0793ba236ded2022-01-04 14:20:43.250root 11241100x80000000000000004283430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f322502064bd6ebc2022-01-04 14:20:43.250root 11241100x80000000000000004283431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c8b1dfd8ca3a952022-01-04 14:20:43.250root 11241100x80000000000000004283432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9490e849e946d9892022-01-04 14:20:43.250root 11241100x80000000000000004283433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f31bbf5c0eafd42022-01-04 14:20:43.250root 11241100x80000000000000004283434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.250{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807c94c14e5beb172022-01-04 14:20:43.250root 11241100x80000000000000004283435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cba20ae1c44ab62022-01-04 14:20:43.251root 11241100x80000000000000004283436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ed39dc7540376c2022-01-04 14:20:43.251root 11241100x80000000000000004283437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe5c56fd823814e2022-01-04 14:20:43.251root 11241100x80000000000000004283438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8318b7ed6683c4c2022-01-04 14:20:43.251root 11241100x80000000000000004283439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdf91656ae360a92022-01-04 14:20:43.251root 11241100x80000000000000004283440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f265ac04e6b3932022-01-04 14:20:43.251root 11241100x80000000000000004283441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aaa9f31fa2cd232022-01-04 14:20:43.251root 11241100x80000000000000004283442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29f617ad6b6a0902022-01-04 14:20:43.251root 11241100x80000000000000004283443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf14033a0c64883b2022-01-04 14:20:43.251root 11241100x80000000000000004283444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aa43a6f45dc2f32022-01-04 14:20:43.251root 11241100x80000000000000004283445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50df46e67b85ab02022-01-04 14:20:43.251root 11241100x80000000000000004283446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2904aec0b1c6bd2a2022-01-04 14:20:43.251root 11241100x80000000000000004283447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.251{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae07fbbd1865d4e2022-01-04 14:20:43.251root 11241100x80000000000000004283448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54740ce198e3dcfe2022-01-04 14:20:43.253root 11241100x80000000000000004283449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb782897ac16cdb02022-01-04 14:20:43.253root 11241100x80000000000000004283450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc96d0e27ba7a382022-01-04 14:20:43.253root 11241100x80000000000000004283451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb88095f922b1722022-01-04 14:20:43.253root 11241100x80000000000000004283452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef4cf4ae7b889062022-01-04 14:20:43.253root 11241100x80000000000000004283453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1831810f0273f1322022-01-04 14:20:43.253root 11241100x80000000000000004283454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5efb8a072861c682022-01-04 14:20:43.253root 11241100x80000000000000004283455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2521fbaab2dc4d2022-01-04 14:20:43.253root 11241100x80000000000000004283456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.253{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6114cad4c805082022-01-04 14:20:43.253root 11241100x80000000000000004283457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be56eee90c85a712022-01-04 14:20:43.254root 11241100x80000000000000004283458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6152a10b2eb35f6e2022-01-04 14:20:43.254root 11241100x80000000000000004283459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec90aa1c2bdfb672022-01-04 14:20:43.254root 11241100x80000000000000004283460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aab6a680b1a09322022-01-04 14:20:43.254root 11241100x80000000000000004283461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac98539c12c52e582022-01-04 14:20:43.254root 11241100x80000000000000004283462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0bf657d6e3cd422022-01-04 14:20:43.254root 11241100x80000000000000004283463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba63aa71b1ebf222022-01-04 14:20:43.254root 11241100x80000000000000004283464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de405f4bfa43fe832022-01-04 14:20:43.254root 11241100x80000000000000004283465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b5484b0ce9848c2022-01-04 14:20:43.254root 11241100x80000000000000004283466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.254{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584574c7d34759672022-01-04 14:20:43.254root 11241100x80000000000000004283467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983e8a32c98dd3652022-01-04 14:20:43.255root 11241100x80000000000000004283468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46838d7ad6a3d802022-01-04 14:20:43.255root 11241100x80000000000000004283469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be03229425f22de2022-01-04 14:20:43.255root 11241100x80000000000000004283470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc32099d5e14fb12022-01-04 14:20:43.255root 11241100x80000000000000004283471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5935de3511f9fc0f2022-01-04 14:20:43.255root 11241100x80000000000000004283472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d9ccb71e3058322022-01-04 14:20:43.255root 11241100x80000000000000004283473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bea633718dbbd972022-01-04 14:20:43.255root 11241100x80000000000000004283474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a78e4037bfdbd22022-01-04 14:20:43.255root 11241100x80000000000000004283475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5d51f2ab46e492022-01-04 14:20:43.255root 11241100x80000000000000004283476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.255{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266b603b6f4d701d2022-01-04 14:20:43.255root 11241100x80000000000000004283477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915f9a8b4f54678a2022-01-04 14:20:43.256root 11241100x80000000000000004283478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ace48fd070739f2022-01-04 14:20:43.256root 11241100x80000000000000004283479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5812a0cd548d22022-01-04 14:20:43.256root 11241100x80000000000000004283480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a7bf0f289450b82022-01-04 14:20:43.256root 11241100x80000000000000004283481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3be223a63fde0462022-01-04 14:20:43.256root 11241100x80000000000000004283482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86b40a4a6d56c7f2022-01-04 14:20:43.256root 11241100x80000000000000004283483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7204909652d805bd2022-01-04 14:20:43.256root 11241100x80000000000000004283484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7edc681a1300102022-01-04 14:20:43.256root 11241100x80000000000000004283485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e922d304a6614a92022-01-04 14:20:43.256root 11241100x80000000000000004283486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.256{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90466fa8a99d3cd2022-01-04 14:20:43.256root 11241100x80000000000000004283487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9b348dc1507c9c2022-01-04 14:20:43.257root 11241100x80000000000000004283488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7789e613db09122022-01-04 14:20:43.257root 11241100x80000000000000004283489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670a8aeb1a22e02b2022-01-04 14:20:43.257root 11241100x80000000000000004283490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f132608aa9c380d82022-01-04 14:20:43.257root 11241100x80000000000000004283491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6cd0523c6980382022-01-04 14:20:43.257root 11241100x80000000000000004283492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf2f97b616591402022-01-04 14:20:43.257root 11241100x80000000000000004283493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e93e4dab341a1de2022-01-04 14:20:43.257root 11241100x80000000000000004283494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8018f318cd59532022-01-04 14:20:43.257root 11241100x80000000000000004283495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059b705a9bf818432022-01-04 14:20:43.257root 11241100x80000000000000004283496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.257{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31923ef8ff630de92022-01-04 14:20:43.257root 11241100x80000000000000004283497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d4438fb8d206562022-01-04 14:20:43.258root 11241100x80000000000000004283498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0c2ffa283f94552022-01-04 14:20:43.258root 11241100x80000000000000004283499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca87cb79291e2fa02022-01-04 14:20:43.258root 11241100x80000000000000004283500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5d3c59831dc2132022-01-04 14:20:43.258root 11241100x80000000000000004283501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1212da831e60282022-01-04 14:20:43.258root 11241100x80000000000000004283502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2ffbd8af86bb092022-01-04 14:20:43.258root 11241100x80000000000000004283503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da92a4249b5eb6202022-01-04 14:20:43.258root 11241100x80000000000000004283504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607cd728ac480a7c2022-01-04 14:20:43.258root 11241100x80000000000000004283505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3993478ef1c6a4552022-01-04 14:20:43.258root 11241100x80000000000000004283506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.258{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4a8f573693bbf42022-01-04 14:20:43.258root 11241100x80000000000000004283507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01da84e6efad1312022-01-04 14:20:43.259root 11241100x80000000000000004283508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b710b053f37c5bac2022-01-04 14:20:43.259root 11241100x80000000000000004283509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7e415e24c6ce912022-01-04 14:20:43.259root 11241100x80000000000000004283510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917980fe091bf0582022-01-04 14:20:43.259root 11241100x80000000000000004283511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0c593676a6c27e2022-01-04 14:20:43.259root 11241100x80000000000000004283512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9c53c11f4bd31d2022-01-04 14:20:43.259root 11241100x80000000000000004283513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befda9f0fb9369622022-01-04 14:20:43.259root 11241100x80000000000000004283514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa5176effc8258e2022-01-04 14:20:43.259root 11241100x80000000000000004283515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f43d2de6f3a036d2022-01-04 14:20:43.259root 11241100x80000000000000004283516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.259{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4cb0eb4211cbb12022-01-04 14:20:43.259root 11241100x80000000000000004283517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.260{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99a395beda23b4d2022-01-04 14:20:43.260root 11241100x80000000000000004283518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.260{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6750dcc9278df4b42022-01-04 14:20:43.260root 11241100x80000000000000004283519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.260{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b313eacd6c7b832022-01-04 14:20:43.260root 11241100x80000000000000004283520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.260{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4993f4747ae42662022-01-04 14:20:43.260root 11241100x80000000000000004283521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.260{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8da805c07e720d42022-01-04 14:20:43.260root 11241100x80000000000000004283522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.260{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9484046f8e0d433f2022-01-04 14:20:43.260root 11241100x80000000000000004283523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.260{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fead39704be7b4c02022-01-04 14:20:43.260root 11241100x80000000000000004283524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.260{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e593f8b6a97902022-01-04 14:20:43.260root 11241100x80000000000000004283525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.260{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef566f0200d7c0952022-01-04 14:20:43.260root 11241100x80000000000000004283526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62cc264a2bd5b1e2022-01-04 14:20:43.261root 11241100x80000000000000004283527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4304127ddade82402022-01-04 14:20:43.261root 11241100x80000000000000004283528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b78286daca944d82022-01-04 14:20:43.261root 11241100x80000000000000004283529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b067ce5537b53bb32022-01-04 14:20:43.261root 11241100x80000000000000004283530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cf795247fe5a962022-01-04 14:20:43.261root 11241100x80000000000000004283531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba55f9f3f08cda02022-01-04 14:20:43.261root 11241100x80000000000000004283532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880e01c30e7b300d2022-01-04 14:20:43.261root 11241100x80000000000000004283533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d668fd5c18d5b72022-01-04 14:20:43.261root 11241100x80000000000000004283534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800877d3fd1023f32022-01-04 14:20:43.261root 11241100x80000000000000004283535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.261{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58800b21eb6527492022-01-04 14:20:43.261root 11241100x80000000000000004283536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690b104d2f5238492022-01-04 14:20:43.262root 11241100x80000000000000004283537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccb17f4eeb0e4ce2022-01-04 14:20:43.262root 11241100x80000000000000004283538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd80c116848aa5c2022-01-04 14:20:43.262root 11241100x80000000000000004283539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321a5cfd8ca0841c2022-01-04 14:20:43.262root 11241100x80000000000000004283540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c92ba0847e311702022-01-04 14:20:43.262root 11241100x80000000000000004283541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92fc8e972869de02022-01-04 14:20:43.262root 11241100x80000000000000004283542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e0993669048edd2022-01-04 14:20:43.262root 11241100x80000000000000004283543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dfc3b49a4de08b2022-01-04 14:20:43.262root 11241100x80000000000000004283544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91578295ec2d5c32022-01-04 14:20:43.262root 11241100x80000000000000004283545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.262{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1d624b9088702e2022-01-04 14:20:43.262root 11241100x80000000000000004283546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390ffe0dade5abce2022-01-04 14:20:43.263root 11241100x80000000000000004283547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68876c097c463a22022-01-04 14:20:43.263root 11241100x80000000000000004283548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af6ce84a40780462022-01-04 14:20:43.263root 11241100x80000000000000004283549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4accc25d41395d62022-01-04 14:20:43.263root 11241100x80000000000000004283550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4338a09d8944cca2022-01-04 14:20:43.263root 11241100x80000000000000004283551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab1084be235e5032022-01-04 14:20:43.263root 11241100x80000000000000004283552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99b494ec94b15e92022-01-04 14:20:43.263root 11241100x80000000000000004283553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7d387b83f240082022-01-04 14:20:43.263root 11241100x80000000000000004283554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cd0082aaf5e1dc2022-01-04 14:20:43.263root 11241100x80000000000000004283555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.263{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307662aa4f93582c2022-01-04 14:20:43.263root 11241100x80000000000000004283556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b834ae6a591e9dd82022-01-04 14:20:43.264root 11241100x80000000000000004283557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30796a99d0e6ec6b2022-01-04 14:20:43.264root 11241100x80000000000000004283558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022784619a6bcbff2022-01-04 14:20:43.264root 11241100x80000000000000004283559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7737a113dbd4c42022-01-04 14:20:43.264root 11241100x80000000000000004283560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4038d0c77988f5ce2022-01-04 14:20:43.264root 11241100x80000000000000004283561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b78cb14865395d2022-01-04 14:20:43.264root 11241100x80000000000000004283562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd07ff80b5df9662022-01-04 14:20:43.264root 11241100x80000000000000004283563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44549028e69324c42022-01-04 14:20:43.264root 11241100x80000000000000004283564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af7b402dde96f2e2022-01-04 14:20:43.264root 11241100x80000000000000004283565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4f179df319bb622022-01-04 14:20:43.710root 11241100x80000000000000004283566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7aaa11b89590f8e2022-01-04 14:20:43.710root 11241100x80000000000000004283567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9083a2c0a94fef22022-01-04 14:20:43.710root 11241100x80000000000000004283568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8867660b4ab363732022-01-04 14:20:43.711root 11241100x80000000000000004283569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0420848262d0c1dc2022-01-04 14:20:43.711root 11241100x80000000000000004283570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7d3cd8ba71f7e92022-01-04 14:20:43.711root 11241100x80000000000000004283571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425748ba597c14302022-01-04 14:20:43.711root 11241100x80000000000000004283572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba69e19515beed42022-01-04 14:20:43.711root 11241100x80000000000000004283573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e91d9db81d9b2f2022-01-04 14:20:43.711root 11241100x80000000000000004283574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5199785821a2a74c2022-01-04 14:20:43.711root 11241100x80000000000000004283575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9812013153ce1a2022-01-04 14:20:43.711root 11241100x80000000000000004283576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34d55d8951268802022-01-04 14:20:43.711root 11241100x80000000000000004283577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6846650c4e3fed5d2022-01-04 14:20:43.711root 11241100x80000000000000004283578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f685e3d2df59cb6c2022-01-04 14:20:43.711root 11241100x80000000000000004283579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b19e8123af81cb72022-01-04 14:20:43.711root 11241100x80000000000000004283580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb92150e4ffd9e572022-01-04 14:20:43.711root 11241100x80000000000000004283581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12362876914dc7fd2022-01-04 14:20:43.711root 11241100x80000000000000004283582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a29a3bd4140a512022-01-04 14:20:43.711root 11241100x80000000000000004283583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8b99feeaf25dec2022-01-04 14:20:43.712root 11241100x80000000000000004283584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab769227a7b7f4f2022-01-04 14:20:43.712root 11241100x80000000000000004283585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d0cbc5315495eb2022-01-04 14:20:43.712root 11241100x80000000000000004283586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6a6f37ce0bdd782022-01-04 14:20:43.712root 11241100x80000000000000004283587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfccd21e0ead9122022-01-04 14:20:43.712root 11241100x80000000000000004283588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54feac30e06e8d062022-01-04 14:20:43.712root 11241100x80000000000000004283589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b106c69419614bb32022-01-04 14:20:43.712root 11241100x80000000000000004283590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b9f5ce13cdd93c2022-01-04 14:20:43.712root 11241100x80000000000000004283591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b47e9a874486d92022-01-04 14:20:43.712root 11241100x80000000000000004283592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9978d886382a322022-01-04 14:20:43.712root 11241100x80000000000000004283593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428a39361d501ea02022-01-04 14:20:43.712root 11241100x80000000000000004283594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2624cde0a2ad72d2022-01-04 14:20:43.712root 11241100x80000000000000004283595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fd4acaf3d60f6e2022-01-04 14:20:43.712root 11241100x80000000000000004283596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc50035e74d1fdc2022-01-04 14:20:43.712root 11241100x80000000000000004283597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775392eb711107412022-01-04 14:20:43.712root 11241100x80000000000000004283598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238a25aba250d7a52022-01-04 14:20:43.713root 11241100x80000000000000004283599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eee61abfd69e5892022-01-04 14:20:43.713root 11241100x80000000000000004283600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b35dbaae50e061f2022-01-04 14:20:43.713root 11241100x80000000000000004283601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf5188ab00db1732022-01-04 14:20:43.713root 11241100x80000000000000004283602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2df7ab1a5734e172022-01-04 14:20:43.713root 11241100x80000000000000004283603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205fde742b75e7772022-01-04 14:20:43.713root 11241100x80000000000000004283604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ffbdc7b81a0b1c2022-01-04 14:20:43.713root 11241100x80000000000000004283605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ee566b62d962312022-01-04 14:20:43.713root 11241100x80000000000000004283606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9574e5d16dc7dd62022-01-04 14:20:43.713root 11241100x80000000000000004283607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05eeb64e720395be2022-01-04 14:20:43.713root 11241100x80000000000000004283608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff29adfb781f9942022-01-04 14:20:43.713root 11241100x80000000000000004283609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfef4fb58b61c982022-01-04 14:20:43.713root 11241100x80000000000000004283610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c80a4194d94fe82022-01-04 14:20:43.713root 11241100x80000000000000004283611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a832615d3d8db52022-01-04 14:20:43.714root 11241100x80000000000000004283612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0c23bf873fbe412022-01-04 14:20:43.714root 11241100x80000000000000004283613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041ca771ae69a3602022-01-04 14:20:43.714root 11241100x80000000000000004283614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dcb4eb603f37ab2022-01-04 14:20:43.714root 11241100x80000000000000004283615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da622473d1e123072022-01-04 14:20:43.714root 11241100x80000000000000004283616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc10f97beec8b252022-01-04 14:20:43.714root 11241100x80000000000000004283617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85fb2fd74dd6be92022-01-04 14:20:43.714root 11241100x80000000000000004283618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f685818d88d0c102022-01-04 14:20:43.714root 11241100x80000000000000004283619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7881e9a2a3d110f82022-01-04 14:20:43.714root 11241100x80000000000000004283620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5becfde8be4e7cd72022-01-04 14:20:43.714root 11241100x80000000000000004283621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aaa7c251adad082022-01-04 14:20:43.715root 11241100x80000000000000004283622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1f5815df7d3f402022-01-04 14:20:43.715root 11241100x80000000000000004283623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f3e60e6667de132022-01-04 14:20:43.715root 11241100x80000000000000004283624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fbefc554af42bf2022-01-04 14:20:43.715root 11241100x80000000000000004283625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214cf8154a97b4082022-01-04 14:20:43.715root 11241100x80000000000000004283626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adea7cab376563952022-01-04 14:20:43.716root 11241100x80000000000000004283627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4e159541b6b0802022-01-04 14:20:43.716root 11241100x80000000000000004283628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7334b1e4bb31f12022-01-04 14:20:43.716root 11241100x80000000000000004283629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634b98b840e962df2022-01-04 14:20:43.716root 11241100x80000000000000004283630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da809eec47c77052022-01-04 14:20:43.716root 11241100x80000000000000004283631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2022ea0ea292b2e82022-01-04 14:20:43.716root 11241100x80000000000000004283632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf445aa20d0142d2022-01-04 14:20:43.716root 11241100x80000000000000004283633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d3e91ef779fd342022-01-04 14:20:43.717root 11241100x80000000000000004283634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6d8c14181343642022-01-04 14:20:43.717root 11241100x80000000000000004283635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc3f9c3d6be4c812022-01-04 14:20:43.717root 11241100x80000000000000004283636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9340b8aeae984d352022-01-04 14:20:43.717root 11241100x80000000000000004283637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f6c740623f083f2022-01-04 14:20:43.717root 11241100x80000000000000004283638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627abf0f71fbdbeb2022-01-04 14:20:43.717root 11241100x80000000000000004283639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f02930fe80c90382022-01-04 14:20:43.718root 11241100x80000000000000004283640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e124eafba6e201a2022-01-04 14:20:43.718root 11241100x80000000000000004283641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74721037bc32d1ef2022-01-04 14:20:43.718root 11241100x80000000000000004283642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e88131b4312e4442022-01-04 14:20:43.718root 11241100x80000000000000004283643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864d95155df9ee582022-01-04 14:20:43.718root 11241100x80000000000000004283644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c928740eb8efabc32022-01-04 14:20:43.718root 11241100x80000000000000004283645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242d2a40f965d8db2022-01-04 14:20:43.718root 11241100x80000000000000004283646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323e33eafb862c7a2022-01-04 14:20:43.718root 11241100x80000000000000004283647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecf8102784f34a42022-01-04 14:20:43.718root 11241100x80000000000000004283648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72d05917c968c3e2022-01-04 14:20:43.718root 11241100x80000000000000004283649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e969a7441af2ac2022-01-04 14:20:43.719root 11241100x80000000000000004283650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b4bfa5919bc15e2022-01-04 14:20:43.719root 11241100x80000000000000004283651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2249ababf98e090f2022-01-04 14:20:43.719root 11241100x80000000000000004283652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4840f62d321dfe702022-01-04 14:20:43.719root 11241100x80000000000000004283653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a0d2148140ec332022-01-04 14:20:43.719root 11241100x80000000000000004283654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d277314788f171b22022-01-04 14:20:43.719root 11241100x80000000000000004283655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135e8e779a0e7afb2022-01-04 14:20:43.720root 11241100x80000000000000004283656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af66f41577b53b462022-01-04 14:20:43.720root 11241100x80000000000000004283657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41e65d6a9ebc4ef2022-01-04 14:20:43.720root 11241100x80000000000000004283658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18449a75f7036fef2022-01-04 14:20:43.720root 11241100x80000000000000004283659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed80caeaa9c126f2022-01-04 14:20:43.720root 11241100x80000000000000004283660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4195348a54b0a7e2022-01-04 14:20:43.720root 11241100x80000000000000004283661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782b92124ca1f1582022-01-04 14:20:43.720root 11241100x80000000000000004283662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.720{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c360456d694cbfee2022-01-04 14:20:43.720root 11241100x80000000000000004283663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa35623f45daf0d2022-01-04 14:20:43.721root 11241100x80000000000000004283664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a22adca93650d612022-01-04 14:20:43.721root 11241100x80000000000000004283665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effae6166c565e622022-01-04 14:20:43.721root 11241100x80000000000000004283666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e454692920c062022-01-04 14:20:43.721root 11241100x80000000000000004283667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b80e26b2aed58c2022-01-04 14:20:43.721root 11241100x80000000000000004283668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa9b55f4f8642dd2022-01-04 14:20:43.721root 11241100x80000000000000004283669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b393928b5458ad382022-01-04 14:20:43.721root 11241100x80000000000000004283670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b117346cefda5c0d2022-01-04 14:20:43.721root 11241100x80000000000000004283671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f0310f1d0fa0762022-01-04 14:20:43.721root 11241100x80000000000000004283672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.721{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abfef3cf21a9e6d2022-01-04 14:20:43.721root 11241100x80000000000000004283673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10311ae5736a1d572022-01-04 14:20:43.722root 11241100x80000000000000004283674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbc41a2a78dcdc32022-01-04 14:20:43.722root 11241100x80000000000000004283675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e871f3fa7eb5e92b2022-01-04 14:20:43.722root 11241100x80000000000000004283676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4809b23974dbff3e2022-01-04 14:20:43.722root 11241100x80000000000000004283677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7221c7b0db1ca22022-01-04 14:20:43.722root 11241100x80000000000000004283678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f662379be92f7ae12022-01-04 14:20:43.722root 11241100x80000000000000004283679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76134ef0e3bde1812022-01-04 14:20:43.722root 11241100x80000000000000004283680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95c3949217acf222022-01-04 14:20:43.723root 11241100x80000000000000004283681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0b87679a0345612022-01-04 14:20:43.723root 11241100x80000000000000004283682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713e7a4b76c27e6f2022-01-04 14:20:43.723root 11241100x80000000000000004283683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43f03fb3e81c7762022-01-04 14:20:43.723root 11241100x80000000000000004283684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c7626af4800b962022-01-04 14:20:43.723root 11241100x80000000000000004283685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874941b4823d981c2022-01-04 14:20:43.723root 11241100x80000000000000004283686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb5db35c40d6a172022-01-04 14:20:43.723root 11241100x80000000000000004283687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d4a9d4dccc2c7c2022-01-04 14:20:43.723root 11241100x80000000000000004283688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.723{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ac8d516fb9496e2022-01-04 14:20:43.723root 11241100x80000000000000004283689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.724{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eee6e4d33fa2cc2022-01-04 14:20:43.724root 11241100x80000000000000004283690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.724{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660bf8f8b05b07fa2022-01-04 14:20:43.724root 11241100x80000000000000004283691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.724{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef98fedf7bf5d4b42022-01-04 14:20:43.724root 11241100x80000000000000004283692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.724{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6babc1b7aa311a9b2022-01-04 14:20:43.724root 11241100x80000000000000004283693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.724{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5f97cf815042442022-01-04 14:20:43.724root 11241100x80000000000000004283694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.724{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d7220c8d57b1b72022-01-04 14:20:43.724root 11241100x80000000000000004283695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43964c3b7395b572022-01-04 14:20:43.725root 11241100x80000000000000004283696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d6fa2dac84ce072022-01-04 14:20:43.725root 11241100x80000000000000004283697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57db8a85e63f9eb2022-01-04 14:20:43.725root 11241100x80000000000000004283698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef5bc84bdf6ed6b2022-01-04 14:20:43.725root 11241100x80000000000000004283699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af39d54e0cd1bb502022-01-04 14:20:43.725root 11241100x80000000000000004283700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe58aed71fcfd882022-01-04 14:20:43.725root 11241100x80000000000000004283701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312ba98f3d5f46e82022-01-04 14:20:43.725root 11241100x80000000000000004283702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a4e182bbe2f4862022-01-04 14:20:43.725root 11241100x80000000000000004283703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.725{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb22afc9c1feef22022-01-04 14:20:43.725root 11241100x80000000000000004283704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f3db91b513e7a62022-01-04 14:20:43.726root 11241100x80000000000000004283705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553d2a5c84d5b0642022-01-04 14:20:43.726root 11241100x80000000000000004283706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc292f0f707d23132022-01-04 14:20:43.726root 11241100x80000000000000004283707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e09fda21e8967fd2022-01-04 14:20:43.726root 11241100x80000000000000004283708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f79cb81e36a21c2022-01-04 14:20:43.726root 11241100x80000000000000004283709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb1a9832f380092022-01-04 14:20:43.726root 11241100x80000000000000004283710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000ea9ee716fdcac2022-01-04 14:20:43.726root 11241100x80000000000000004283711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa4f34a795ee1a02022-01-04 14:20:43.726root 11241100x80000000000000004283712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.726{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4e8772a5dde7062022-01-04 14:20:43.726root 11241100x80000000000000004283713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2241cd6e94439ba2022-01-04 14:20:43.727root 11241100x80000000000000004283714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485d82115b877a0a2022-01-04 14:20:43.727root 11241100x80000000000000004283715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517d120daec1c1da2022-01-04 14:20:43.727root 11241100x80000000000000004283716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b595fb65a06e55102022-01-04 14:20:43.727root 11241100x80000000000000004283717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ed37f81699d4902022-01-04 14:20:43.727root 11241100x80000000000000004283718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce358038a390b602022-01-04 14:20:43.727root 11241100x80000000000000004283719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3134da82b6152c5c2022-01-04 14:20:43.727root 11241100x80000000000000004283720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.727{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd76490409bd8c072022-01-04 14:20:43.727root 11241100x80000000000000004283721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcbcc968a147c2d2022-01-04 14:20:43.728root 11241100x80000000000000004283722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15db0ee95817237a2022-01-04 14:20:43.728root 11241100x80000000000000004283723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6217c08db319b5d32022-01-04 14:20:43.728root 11241100x80000000000000004283724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5a6c9889eb05432022-01-04 14:20:43.728root 11241100x80000000000000004283725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.728{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ce0f718a463eda2022-01-04 14:20:43.728root 11241100x80000000000000004283726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.729{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58cc6d44f9f36552022-01-04 14:20:43.729root 11241100x80000000000000004283727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.729{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb38b445de6649182022-01-04 14:20:43.729root 11241100x80000000000000004283728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8329749c52a75532022-01-04 14:20:43.730root 11241100x80000000000000004283729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29468ea9aebf76a52022-01-04 14:20:43.730root 11241100x80000000000000004283730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3044b278a9e410342022-01-04 14:20:43.730root 11241100x80000000000000004283731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e31b4f65af4f602022-01-04 14:20:43.730root 11241100x80000000000000004283732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbdb9f57e62fd6a2022-01-04 14:20:43.730root 11241100x80000000000000004283733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675efcb6aea752482022-01-04 14:20:43.730root 11241100x80000000000000004283734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ec3fa85c9a3f392022-01-04 14:20:43.730root 11241100x80000000000000004283735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.730{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eeca85a40d7d9c2022-01-04 14:20:43.730root 11241100x80000000000000004283736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e6df8d5c417d672022-01-04 14:20:43.731root 11241100x80000000000000004283737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4f7fa66d177ad42022-01-04 14:20:43.731root 11241100x80000000000000004283738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800a3722fc66c28e2022-01-04 14:20:43.731root 11241100x80000000000000004283739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39e68be490fa1142022-01-04 14:20:43.731root 11241100x80000000000000004283740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c648b7943ea26ee2022-01-04 14:20:43.731root 11241100x80000000000000004283741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14471b3db4b364e2022-01-04 14:20:43.731root 11241100x80000000000000004283742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da3b0eb9e66c0612022-01-04 14:20:43.731root 11241100x80000000000000004283743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.731{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7d6d104cfe90922022-01-04 14:20:43.731root 11241100x80000000000000004283744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbe56a3998ad2962022-01-04 14:20:43.732root 11241100x80000000000000004283745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a829551dd9bccfdf2022-01-04 14:20:43.732root 11241100x80000000000000004283746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5175ad3162bf147b2022-01-04 14:20:43.732root 11241100x80000000000000004283747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54be54ba1fe9f9382022-01-04 14:20:43.732root 11241100x80000000000000004283748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af9e3de05022ae32022-01-04 14:20:43.732root 11241100x80000000000000004283749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86a3dc4519ab92e2022-01-04 14:20:43.732root 11241100x80000000000000004283750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0f8dc2261b9f3d2022-01-04 14:20:43.732root 11241100x80000000000000004283751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0469be44a15aeefd2022-01-04 14:20:43.732root 11241100x80000000000000004283752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:43.732{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becf975f65baf7252022-01-04 14:20:43.732root 11241100x80000000000000004283753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ed0ddcf079945b2022-01-04 14:20:44.209root 354300x80000000000000004283812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:59.181{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41564-false10.0.1.12-8000- 11241100x80000000000000004283813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2930b59a58b46e12022-01-04 14:20:59.459root 11241100x80000000000000004283814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acca18e636716a72022-01-04 14:20:59.959root 11241100x80000000000000004283815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:00.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b652fbd9a1c1e972022-01-04 14:21:00.459root 11241100x80000000000000004283816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:00.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c26e04fb4bb9e8b2022-01-04 14:21:00.959root 11241100x80000000000000004283817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:01.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:21:01.221root 11241100x80000000000000004283818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d069399765b6922022-01-04 14:21:01.222root 11241100x80000000000000004283819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eaf732144a42502022-01-04 14:21:01.709root 11241100x80000000000000004283820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd09da80551cdfa2022-01-04 14:21:01.709root 11241100x80000000000000004283821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaec6a729c0c9462022-01-04 14:21:02.209root 11241100x80000000000000004283822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0845f11af92712fd2022-01-04 14:21:02.209root 11241100x80000000000000004283823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e33995f692c79622022-01-04 14:21:02.709root 11241100x80000000000000004283824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507a60bcfa803e632022-01-04 14:21:02.709root 11241100x80000000000000004283825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e78d2753f890c632022-01-04 14:21:03.209root 11241100x80000000000000004283826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6d2331f4ef67fb2022-01-04 14:21:03.209root 11241100x80000000000000004283827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b742a9a8cac4096e2022-01-04 14:21:03.709root 11241100x80000000000000004283828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00005d0917f0cbfa2022-01-04 14:21:03.709root 11241100x80000000000000004283829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06149ef4a4a536502022-01-04 14:21:04.209root 11241100x80000000000000004283830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a26fc38f9b884f2022-01-04 14:21:04.209root 23542300x80000000000000004283831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:04.223{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004283832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d3d79f9fd3a2a22022-01-04 14:21:04.709root 11241100x80000000000000004283833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a13f98ae2ebebb2022-01-04 14:21:04.710root 11241100x80000000000000004283834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc67beb6227d7432022-01-04 14:21:04.711root 354300x80000000000000004283835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.054{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41566-false10.0.1.12-8000- 11241100x80000000000000004283836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13cea55b10032f12022-01-04 14:21:05.055root 11241100x80000000000000004283837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a1678754d424da2022-01-04 14:21:05.055root 11241100x80000000000000004283838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35615b9742925eb12022-01-04 14:21:05.055root 11241100x80000000000000004283839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cb5fb8971eb9252022-01-04 14:21:05.055root 11241100x80000000000000004283840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee5eae1600ac542022-01-04 14:21:05.459root 11241100x80000000000000004283841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37969fa681680cc82022-01-04 14:21:05.459root 11241100x80000000000000004283842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d60e091ae746e8d2022-01-04 14:21:05.459root 11241100x80000000000000004283843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47f82948658adf22022-01-04 14:21:05.459root 11241100x80000000000000004283844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34058d0309c9535b2022-01-04 14:21:05.959root 11241100x80000000000000004283845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617463602d098a5f2022-01-04 14:21:05.959root 11241100x80000000000000004283846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a457467bf3bc2912022-01-04 14:21:05.959root 11241100x80000000000000004283847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4ce15f9a590fd82022-01-04 14:21:05.959root 11241100x80000000000000004283848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be3a5db8336053b2022-01-04 14:21:06.459root 11241100x80000000000000004283849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9b871f7da6f47a2022-01-04 14:21:06.459root 11241100x80000000000000004283850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7811c2f857ad730a2022-01-04 14:21:06.459root 11241100x80000000000000004283851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc9d9e83c42c5ff2022-01-04 14:21:06.459root 11241100x80000000000000004283852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e00403e9bb5372022-01-04 14:21:06.959root 11241100x80000000000000004283853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e163f0bb7dcf906e2022-01-04 14:21:06.959root 11241100x80000000000000004283854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76dde48b0b03a252022-01-04 14:21:06.959root 11241100x80000000000000004283855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3e38af73a368232022-01-04 14:21:06.959root 11241100x80000000000000004283856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422fbdfc8d48fa9f2022-01-04 14:21:07.459root 11241100x80000000000000004283857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0848d0e3bfb3b6df2022-01-04 14:21:07.459root 11241100x80000000000000004283858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ed4fe681910b712022-01-04 14:21:07.459root 11241100x80000000000000004283859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8dd8de0ba23e562022-01-04 14:21:07.459root 154100x80000000000000004283860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.869{ec2e79f3-57d3-61d4-6874-f1d72b560000}15006/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000004283861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17facf78f21cf61a2022-01-04 14:21:07.870root 11241100x80000000000000004283862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34041aec1b90f962022-01-04 14:21:07.870root 11241100x80000000000000004283863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fc540f659a93fe2022-01-04 14:21:07.870root 11241100x80000000000000004283864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4f615dde9897802022-01-04 14:21:07.871root 534500x80000000000000004283865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:07.881{ec2e79f3-57d3-61d4-6874-f1d72b560000}15006/bin/psroot 11241100x80000000000000004283866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a074ba23d2ddac842022-01-04 14:21:08.209root 11241100x80000000000000004283867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf8015fd8a95b652022-01-04 14:21:08.209root 11241100x80000000000000004283868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704351a2d44c8e1c2022-01-04 14:21:08.210root 11241100x80000000000000004283869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae354c13328f1b4e2022-01-04 14:21:08.210root 11241100x80000000000000004283870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512c1ca8c0c085b82022-01-04 14:21:08.210root 11241100x80000000000000004283871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffbeba87dc9e4b42022-01-04 14:21:08.210root 11241100x80000000000000004283872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7860fc193e86c8642022-01-04 14:21:08.709root 11241100x80000000000000004283873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c942645c398f4002022-01-04 14:21:08.709root 11241100x80000000000000004283874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b26cc6d8b80f0e52022-01-04 14:21:08.710root 11241100x80000000000000004283875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874b553e3f6fc7d42022-01-04 14:21:08.710root 11241100x80000000000000004283876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38baafb29999aec42022-01-04 14:21:08.710root 11241100x80000000000000004283877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38274491b43d19952022-01-04 14:21:08.711root 11241100x80000000000000004283878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e6ccee17026f032022-01-04 14:21:09.209root 11241100x80000000000000004283879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c789b2712540b0e2022-01-04 14:21:09.209root 11241100x80000000000000004283880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae97626354645d842022-01-04 14:21:09.210root 11241100x80000000000000004283881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2ad671583cf0f72022-01-04 14:21:09.210root 11241100x80000000000000004283882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5b11e91beb65b32022-01-04 14:21:09.210root 11241100x80000000000000004283883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659a769555ae59702022-01-04 14:21:09.210root 11241100x80000000000000004283884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5c01a9a3c4e31b2022-01-04 14:21:09.709root 11241100x80000000000000004283885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd79bb6671ac398c2022-01-04 14:21:09.709root 11241100x80000000000000004283886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bdf0d882dc06932022-01-04 14:21:09.710root 11241100x80000000000000004283887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0825e6ddb6507d2022-01-04 14:21:09.710root 11241100x80000000000000004283888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c05c5380fa24fa2022-01-04 14:21:09.710root 11241100x80000000000000004283889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a69fc9e3ebceb632022-01-04 14:21:09.710root 354300x80000000000000004283890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.054{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41568-false10.0.1.12-8000- 11241100x80000000000000004283891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e22111d08b838ce2022-01-04 14:21:10.055root 11241100x80000000000000004283892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d376f61604e645f32022-01-04 14:21:10.055root 11241100x80000000000000004283893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c589ba2a29ed20c72022-01-04 14:21:10.055root 11241100x80000000000000004283894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9d2aa6309f7e7e2022-01-04 14:21:10.055root 11241100x80000000000000004283895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad5190045c1ef7d2022-01-04 14:21:10.055root 11241100x80000000000000004283896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1a5987a3694b6d2022-01-04 14:21:10.055root 11241100x80000000000000004283897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b054d22b37b4f92022-01-04 14:21:10.055root 11241100x80000000000000004283898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e9e22a69e05b792022-01-04 14:21:10.459root 11241100x80000000000000004283899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03f31bfc4dde8282022-01-04 14:21:10.459root 11241100x80000000000000004283900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004607961dc421662022-01-04 14:21:10.459root 11241100x80000000000000004283901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4b3e99c3fbeab42022-01-04 14:21:10.459root 11241100x80000000000000004283902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a05881e67ebf3192022-01-04 14:21:10.459root 11241100x80000000000000004283903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78970a4a03115722022-01-04 14:21:10.460root 11241100x80000000000000004283904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af53bd32f348a99e2022-01-04 14:21:10.460root 11241100x80000000000000004283905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efac8ca0ba6fd3b2022-01-04 14:21:10.959root 11241100x80000000000000004283906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10ebdcf5e1df3fc2022-01-04 14:21:10.959root 11241100x80000000000000004283907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431613ba9a1df72d2022-01-04 14:21:10.959root 11241100x80000000000000004283908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aacadcaf1e0ef0a2022-01-04 14:21:10.959root 11241100x80000000000000004283909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327b1a3779c62bc92022-01-04 14:21:10.960root 11241100x80000000000000004283910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71227e1f30e978412022-01-04 14:21:10.960root 11241100x80000000000000004283911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894715e9668353532022-01-04 14:21:10.960root 11241100x80000000000000004283912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512d0b0fa49e760e2022-01-04 14:21:11.459root 11241100x80000000000000004283913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56461308d9db753e2022-01-04 14:21:11.459root 11241100x80000000000000004283914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b8c58f1914b58e2022-01-04 14:21:11.459root 11241100x80000000000000004283915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68b5315b4d6c6062022-01-04 14:21:11.459root 11241100x80000000000000004283916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdb3321c871335e2022-01-04 14:21:11.459root 11241100x80000000000000004283917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5930d326ab600f4f2022-01-04 14:21:11.460root 11241100x80000000000000004283918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d4cf744e8c733b2022-01-04 14:21:11.460root 11241100x80000000000000004283919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408582434b5f6f112022-01-04 14:21:11.959root 11241100x80000000000000004283920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dc40fb5269f9942022-01-04 14:21:11.959root 11241100x80000000000000004283921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe07959b966e7272022-01-04 14:21:11.959root 11241100x80000000000000004283922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6280fdddaa08ef982022-01-04 14:21:11.959root 11241100x80000000000000004283923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af355a7ecc098062022-01-04 14:21:11.959root 11241100x80000000000000004283924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031a3a0973f7448a2022-01-04 14:21:11.959root 11241100x80000000000000004283925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585568dbaa80a0ad2022-01-04 14:21:11.960root 11241100x80000000000000004283926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76846516fcb7364b2022-01-04 14:21:12.459root 11241100x80000000000000004283927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57c91a73bd4cf652022-01-04 14:21:12.459root 11241100x80000000000000004283928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0364c002965b2e222022-01-04 14:21:12.459root 11241100x80000000000000004283929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf6857c78cdc8e22022-01-04 14:21:12.459root 11241100x80000000000000004283930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b355c286e2a3bd22022-01-04 14:21:12.459root 11241100x80000000000000004283931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8104558cc4d84b52022-01-04 14:21:12.459root 11241100x80000000000000004283932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eeb6ce113d9d0c2022-01-04 14:21:12.460root 11241100x80000000000000004283933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a58ca7f6e208722022-01-04 14:21:12.959root 11241100x80000000000000004283934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b859515c0cff66e2022-01-04 14:21:12.959root 11241100x80000000000000004283935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3e714e75e0f2a72022-01-04 14:21:12.959root 11241100x80000000000000004283936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed5d9000e955f742022-01-04 14:21:12.959root 11241100x80000000000000004283937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c104758dac8ac462022-01-04 14:21:12.959root 11241100x80000000000000004283938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcc8a4291f206b62022-01-04 14:21:12.959root 11241100x80000000000000004283939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61cbd98a52b72e12022-01-04 14:21:12.960root 11241100x80000000000000004283940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc48ce5f2da1af82022-01-04 14:21:13.459root 11241100x80000000000000004283941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3ef7661ef610602022-01-04 14:21:13.459root 11241100x80000000000000004283942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fed618e7632083a2022-01-04 14:21:13.459root 11241100x80000000000000004283943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f352c704d18a90dc2022-01-04 14:21:13.459root 11241100x80000000000000004283944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa25f58c074d4b342022-01-04 14:21:13.459root 11241100x80000000000000004283945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10482dc645c14612022-01-04 14:21:13.459root 11241100x80000000000000004283946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1285978e32fe6a2022-01-04 14:21:13.460root 11241100x80000000000000004283947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c0417935a4d9f52022-01-04 14:21:13.959root 11241100x80000000000000004283948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd34f5d8d110ab62022-01-04 14:21:13.959root 11241100x80000000000000004283949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced06d6c598940412022-01-04 14:21:13.959root 11241100x80000000000000004283950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01c719235ca909e2022-01-04 14:21:13.959root 11241100x80000000000000004283951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47542740bd875dc22022-01-04 14:21:13.959root 11241100x80000000000000004283952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13ed64001d6d4d52022-01-04 14:21:13.959root 11241100x80000000000000004283953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208a2b2934fab7352022-01-04 14:21:13.960root 11241100x80000000000000004283954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a8087b5996d9c32022-01-04 14:21:14.459root 11241100x80000000000000004283955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d2cc7c1378b4232022-01-04 14:21:14.459root 11241100x80000000000000004283956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4c916a80ab6da82022-01-04 14:21:14.459root 11241100x80000000000000004283957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9181648170a9e4c2022-01-04 14:21:14.459root 11241100x80000000000000004283958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6267b4a55836b9252022-01-04 14:21:14.459root 11241100x80000000000000004283959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09ce48169f3c2d72022-01-04 14:21:14.459root 11241100x80000000000000004283960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d31f735e6479822022-01-04 14:21:14.460root 11241100x80000000000000004283961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878c2bb581c52af02022-01-04 14:21:14.959root 11241100x80000000000000004283962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0284270758f23812022-01-04 14:21:14.959root 11241100x80000000000000004283963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1ca7ff0dc501f22022-01-04 14:21:14.959root 11241100x80000000000000004283964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e661aa22eb34c1952022-01-04 14:21:14.959root 11241100x80000000000000004283965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286b23cdc73451d92022-01-04 14:21:14.959root 11241100x80000000000000004283966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cd2d138d6356f02022-01-04 14:21:14.960root 11241100x80000000000000004283967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6244387a1612252022-01-04 14:21:14.960root 354300x80000000000000004283968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.089{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41570-false10.0.1.12-8000- 11241100x80000000000000004283969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688052ca49d1c6ef2022-01-04 14:21:15.459root 11241100x80000000000000004283970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8669e7abc3d5df462022-01-04 14:21:15.459root 11241100x80000000000000004283971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aa5f0304c041f22022-01-04 14:21:15.459root 11241100x80000000000000004283972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bc3b28b7a4d4972022-01-04 14:21:15.459root 11241100x80000000000000004283973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a0dcfeb2b6b8692022-01-04 14:21:15.460root 11241100x80000000000000004283974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864f1afdf22c2cc22022-01-04 14:21:15.460root 11241100x80000000000000004283975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e531da3f714c9942022-01-04 14:21:15.460root 11241100x80000000000000004283976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a0070d4684d6602022-01-04 14:21:15.460root 11241100x80000000000000004283977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeef8c3e4c962692022-01-04 14:21:15.959root 11241100x80000000000000004283978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7276fbd8f66d27412022-01-04 14:21:15.959root 11241100x80000000000000004283979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b31b21fa98aef512022-01-04 14:21:15.959root 11241100x80000000000000004283980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7565ca77ef38c82e2022-01-04 14:21:15.959root 11241100x80000000000000004283981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa1f98a4334750e2022-01-04 14:21:15.959root 11241100x80000000000000004283982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b6e0d10d6073a92022-01-04 14:21:15.960root 11241100x80000000000000004283983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bce7c116db41dea2022-01-04 14:21:15.960root 11241100x80000000000000004283984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11dd4d31644238d2022-01-04 14:21:15.960root 11241100x80000000000000004283985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf52d81dba423442022-01-04 14:21:16.459root 11241100x80000000000000004283986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c655768585f4c5812022-01-04 14:21:16.459root 11241100x80000000000000004283987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8187bf4cabe58b2022-01-04 14:21:16.459root 11241100x80000000000000004283988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8275581bd0c750502022-01-04 14:21:16.459root 11241100x80000000000000004283989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd210f61cc1020052022-01-04 14:21:16.459root 11241100x80000000000000004283990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eedd9a46ba995c2022-01-04 14:21:16.460root 11241100x80000000000000004283991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a39b25f831dd0a72022-01-04 14:21:16.460root 11241100x80000000000000004283992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f918669c4910f9ad2022-01-04 14:21:16.460root 11241100x80000000000000004283993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cb00a337baa2072022-01-04 14:21:16.959root 11241100x80000000000000004283994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3cd5f33ac876ea2022-01-04 14:21:16.959root 11241100x80000000000000004283995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c29143c4b1773a2022-01-04 14:21:16.959root 11241100x80000000000000004283996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7632a8609f73eec02022-01-04 14:21:16.959root 11241100x80000000000000004283997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eae103ff7ab68b02022-01-04 14:21:16.960root 11241100x80000000000000004283998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53983bda2da7e292022-01-04 14:21:16.960root 11241100x80000000000000004283999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba668247ee04fa32022-01-04 14:21:16.960root 11241100x80000000000000004284000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0250a84474b9732022-01-04 14:21:16.960root 11241100x80000000000000004284001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d30574e762e4442022-01-04 14:21:17.459root 11241100x80000000000000004284002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7037f51abef163c02022-01-04 14:21:17.459root 11241100x80000000000000004284003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4078b82f2209bb2022-01-04 14:21:17.459root 11241100x80000000000000004284004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544ef1eb95d474362022-01-04 14:21:17.459root 11241100x80000000000000004284005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db7aaeff4668b252022-01-04 14:21:17.459root 11241100x80000000000000004284006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73dc5c1d73bba972022-01-04 14:21:17.460root 11241100x80000000000000004284007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b044283055dafc722022-01-04 14:21:17.460root 11241100x80000000000000004284008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327fdc2438843bce2022-01-04 14:21:17.460root 11241100x80000000000000004284009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8291b71b6c4bd532022-01-04 14:21:17.959root 11241100x80000000000000004284010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bb6ecd2521f0a32022-01-04 14:21:17.959root 11241100x80000000000000004284011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f0beaa141c301f2022-01-04 14:21:17.959root 11241100x80000000000000004284012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a8a963c8a512fc2022-01-04 14:21:17.959root 11241100x80000000000000004284013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e2b58a9cef98c52022-01-04 14:21:17.959root 11241100x80000000000000004284014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63124cb7c7f21a9e2022-01-04 14:21:17.960root 11241100x80000000000000004284015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecd13bde0eded212022-01-04 14:21:17.960root 11241100x80000000000000004284016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa678fec3764e542022-01-04 14:21:17.960root 11241100x80000000000000004284017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ebc1cb095c148c2022-01-04 14:21:18.459root 11241100x80000000000000004284018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ead0bae09416ca2022-01-04 14:21:18.459root 11241100x80000000000000004284019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b17753cbc2d9232022-01-04 14:21:18.459root 11241100x80000000000000004284020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf58c75f6b4d0882022-01-04 14:21:18.460root 11241100x80000000000000004284021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6daf460cf6aea06e2022-01-04 14:21:18.460root 11241100x80000000000000004284022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99723e8ee199aae2022-01-04 14:21:18.460root 11241100x80000000000000004284023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e055048a227ec642022-01-04 14:21:18.460root 11241100x80000000000000004284024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c13f3cccc5477992022-01-04 14:21:18.460root 11241100x80000000000000004284025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e686172d374dc3f52022-01-04 14:21:18.959root 11241100x80000000000000004284026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b446b0588248f52022-01-04 14:21:18.959root 11241100x80000000000000004284027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a914b2d4108742212022-01-04 14:21:18.959root 11241100x80000000000000004284028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a1c75e180cbb5c2022-01-04 14:21:18.959root 11241100x80000000000000004284029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e220115c8be65a2022-01-04 14:21:18.960root 11241100x80000000000000004284030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5b6341f752ecf32022-01-04 14:21:18.960root 11241100x80000000000000004284031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb0f72fdbff2bdf2022-01-04 14:21:18.960root 11241100x80000000000000004284032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477b1d21bb10498d2022-01-04 14:21:18.960root 11241100x80000000000000004284033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bbb41537d13e162022-01-04 14:21:19.459root 11241100x80000000000000004284034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cf1d06102109812022-01-04 14:21:19.459root 11241100x80000000000000004284035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a1c60342894e1f2022-01-04 14:21:19.459root 11241100x80000000000000004284036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c81c8f3a07640922022-01-04 14:21:19.459root 11241100x80000000000000004284037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6b40c6a637ad7d2022-01-04 14:21:19.459root 11241100x80000000000000004284038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87976270c61024522022-01-04 14:21:19.460root 11241100x80000000000000004284039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9655a57bc1794e2022-01-04 14:21:19.460root 11241100x80000000000000004284040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fb098628a0f9252022-01-04 14:21:19.460root 11241100x80000000000000004284041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c9e056b857580c2022-01-04 14:21:19.959root 11241100x80000000000000004284042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd4c9dc0bb4b20d2022-01-04 14:21:19.959root 11241100x80000000000000004284043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98e53e0646417e52022-01-04 14:21:19.959root 11241100x80000000000000004284044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2a88a14c532fa62022-01-04 14:21:19.960root 11241100x80000000000000004284045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bff2bd47a1f59c2022-01-04 14:21:19.960root 11241100x80000000000000004284046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0fffd513f2280d2022-01-04 14:21:19.960root 11241100x80000000000000004284047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db479f689a4ecdb92022-01-04 14:21:19.960root 11241100x80000000000000004284048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9644e0bb4fa550e2022-01-04 14:21:19.960root 354300x80000000000000004284049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.090{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41572-false10.0.1.12-8000- 11241100x80000000000000004284050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f4f73aa9f3e9a52022-01-04 14:21:20.459root 11241100x80000000000000004284051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ae99d1c4323e832022-01-04 14:21:20.459root 11241100x80000000000000004284052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7736845e2a50c6b2022-01-04 14:21:20.459root 11241100x80000000000000004284053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13a51187bcb25122022-01-04 14:21:20.460root 11241100x80000000000000004284054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f76eaae8018fbbd2022-01-04 14:21:20.460root 11241100x80000000000000004284055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc03cd17e5ce58a2022-01-04 14:21:20.460root 11241100x80000000000000004284056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1471c89e42a2ba1d2022-01-04 14:21:20.460root 11241100x80000000000000004284057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b229e6801a44162022-01-04 14:21:20.460root 11241100x80000000000000004284058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caebfb0a2e64b3692022-01-04 14:21:20.460root 11241100x80000000000000004284059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aab1fd336846392022-01-04 14:21:20.959root 11241100x80000000000000004284060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d625e582b64dbc92022-01-04 14:21:20.959root 11241100x80000000000000004284061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6d753c8e12d8922022-01-04 14:21:20.960root 11241100x80000000000000004284062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650408764446e5612022-01-04 14:21:20.960root 11241100x80000000000000004284063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dc56597ce7e93c2022-01-04 14:21:20.960root 11241100x80000000000000004284064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7179aa04142899be2022-01-04 14:21:20.960root 11241100x80000000000000004284065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951026bc4dd270062022-01-04 14:21:20.961root 11241100x80000000000000004284066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1914eddc75405c42022-01-04 14:21:20.961root 11241100x80000000000000004284067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7af3b137a4999a2022-01-04 14:21:20.961root 11241100x80000000000000004284068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835345085d0aafa92022-01-04 14:21:21.459root 11241100x80000000000000004284069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c52b0213ede108e2022-01-04 14:21:21.459root 11241100x80000000000000004284070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192432cccac8fd4a2022-01-04 14:21:21.459root 11241100x80000000000000004284071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaac91c980b34c7f2022-01-04 14:21:21.459root 11241100x80000000000000004284072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaa90f90ad750262022-01-04 14:21:21.459root 11241100x80000000000000004284073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea2104ccde8e0082022-01-04 14:21:21.460root 11241100x80000000000000004284074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab652000080ce6ad2022-01-04 14:21:21.460root 11241100x80000000000000004284075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c08f50f670573c2022-01-04 14:21:21.460root 11241100x80000000000000004284076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2b6b54db08c93d2022-01-04 14:21:21.460root 11241100x80000000000000004284077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e4674fb760d0d12022-01-04 14:21:21.959root 11241100x80000000000000004284078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25675c06ef3d25f32022-01-04 14:21:21.959root 11241100x80000000000000004284079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a426ef9ee950ded92022-01-04 14:21:21.959root 11241100x80000000000000004284080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f97a026d7dc3d52022-01-04 14:21:21.959root 11241100x80000000000000004284081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1659540bd62fbd832022-01-04 14:21:21.959root 11241100x80000000000000004284082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b393436b19e25b4a2022-01-04 14:21:21.960root 11241100x80000000000000004284083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22bc6544dbef9b72022-01-04 14:21:21.960root 11241100x80000000000000004284084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbc8a884e7c25702022-01-04 14:21:21.960root 11241100x80000000000000004284085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb40c1cd4e1820a32022-01-04 14:21:21.960root 11241100x80000000000000004284086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b659813fa6cc2f2022-01-04 14:21:22.459root 11241100x80000000000000004284087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d480f768aa831d2022-01-04 14:21:22.459root 11241100x80000000000000004284088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55e622d210e9c5c2022-01-04 14:21:22.460root 11241100x80000000000000004284089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a275ef8ded18868d2022-01-04 14:21:22.460root 11241100x80000000000000004284090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0148438ce9314082022-01-04 14:21:22.460root 11241100x80000000000000004284091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631ca7b7dcdacdfc2022-01-04 14:21:22.460root 11241100x80000000000000004284092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b23d440fb6d35302022-01-04 14:21:22.460root 11241100x80000000000000004284093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb040ad4c0f61a62022-01-04 14:21:22.460root 11241100x80000000000000004284094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a72e4ea70bf8252022-01-04 14:21:22.461root 11241100x80000000000000004284095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc75971cffe682ea2022-01-04 14:21:22.959root 11241100x80000000000000004284096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd1b2b86dcca5862022-01-04 14:21:22.960root 11241100x80000000000000004284097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77fc2b1bd481d002022-01-04 14:21:22.960root 11241100x80000000000000004284098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcd873232f534812022-01-04 14:21:22.960root 11241100x80000000000000004284099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b51e2deeaac9262022-01-04 14:21:22.960root 11241100x80000000000000004284100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166dfc6c0fced9722022-01-04 14:21:22.960root 11241100x80000000000000004284101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb00b48e26d6aa32022-01-04 14:21:22.960root 11241100x80000000000000004284102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6df96b6f02b05d92022-01-04 14:21:22.961root 11241100x80000000000000004284103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a425b3a86e7417042022-01-04 14:21:22.961root 11241100x80000000000000004284104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f054880d3191542022-01-04 14:21:23.459root 11241100x80000000000000004284105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2090462e2d063d72022-01-04 14:21:23.459root 11241100x80000000000000004284106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ef3447ba0b37162022-01-04 14:21:23.459root 11241100x80000000000000004284107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8558c4180d35532022-01-04 14:21:23.459root 11241100x80000000000000004284108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cb1ad26559c9762022-01-04 14:21:23.459root 11241100x80000000000000004284109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01756930b6ee94b2022-01-04 14:21:23.460root 11241100x80000000000000004284110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29b9bf6406820212022-01-04 14:21:23.460root 11241100x80000000000000004284111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afeca553b04e2c012022-01-04 14:21:23.460root 11241100x80000000000000004284112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10c10a38c5cb0562022-01-04 14:21:23.460root 11241100x80000000000000004284113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d0cef0b88be3582022-01-04 14:21:23.959root 11241100x80000000000000004284114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1878e0f5b06b19b32022-01-04 14:21:23.959root 11241100x80000000000000004284115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a7c347600e079b2022-01-04 14:21:23.960root 11241100x80000000000000004284116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b83ccc1023644dc2022-01-04 14:21:23.960root 11241100x80000000000000004284117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8b16c8b9cdcd272022-01-04 14:21:23.960root 11241100x80000000000000004284118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55150d1a2d71256b2022-01-04 14:21:23.960root 11241100x80000000000000004284119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b036ac6e2d5fbd2022-01-04 14:21:23.960root 11241100x80000000000000004284120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141f951545f3bb582022-01-04 14:21:23.960root 11241100x80000000000000004284121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f1b81b9fc7a4322022-01-04 14:21:23.960root 11241100x80000000000000004284122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8c984e3adc108e2022-01-04 14:21:24.459root 11241100x80000000000000004284123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3421a6181c30fcf2022-01-04 14:21:24.459root 11241100x80000000000000004284124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c2af3e08d8e97a2022-01-04 14:21:24.459root 11241100x80000000000000004284125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e00af5e09057b92022-01-04 14:21:24.460root 11241100x80000000000000004284126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fff3fe385dd5692022-01-04 14:21:24.460root 11241100x80000000000000004284127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d04b0fb229b5dc2022-01-04 14:21:24.460root 11241100x80000000000000004284128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0497b66edb1ef9342022-01-04 14:21:24.460root 11241100x80000000000000004284129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef260dcdf5dfab62022-01-04 14:21:24.460root 11241100x80000000000000004284130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f2cf26075034762022-01-04 14:21:24.460root 11241100x80000000000000004284131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaceae7745e9f5a92022-01-04 14:21:24.959root 11241100x80000000000000004284132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78841523bf5e72572022-01-04 14:21:24.959root 11241100x80000000000000004284133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4a59d63e280ca32022-01-04 14:21:24.959root 11241100x80000000000000004284134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8118cb957d02550d2022-01-04 14:21:24.959root 11241100x80000000000000004284135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30cfa5df78d2c52022-01-04 14:21:24.959root 11241100x80000000000000004284136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f187fe7cef37eef2022-01-04 14:21:24.959root 11241100x80000000000000004284137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd45d7bd54dfb732022-01-04 14:21:24.959root 11241100x80000000000000004284138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b80f5cf3f6dd6dc2022-01-04 14:21:24.960root 11241100x80000000000000004284139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0248a3702a7494942022-01-04 14:21:24.960root 11241100x80000000000000004284140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f32605d90a21e772022-01-04 14:21:25.459root 11241100x80000000000000004284141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64290c42a9bbcd382022-01-04 14:21:25.460root 11241100x80000000000000004284142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4061c69457200f8d2022-01-04 14:21:25.460root 11241100x80000000000000004284143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb78117bfd5c158b2022-01-04 14:21:25.460root 11241100x80000000000000004284144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbd46e1cb736bd12022-01-04 14:21:25.460root 11241100x80000000000000004284145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649c84a11dca2c112022-01-04 14:21:25.460root 11241100x80000000000000004284146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabd7eb1605e5e612022-01-04 14:21:25.461root 11241100x80000000000000004284147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f2af9916fbd1662022-01-04 14:21:25.461root 11241100x80000000000000004284148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514d0406535057422022-01-04 14:21:25.461root 11241100x80000000000000004284149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fc8248b07a7a6e2022-01-04 14:21:25.959root 11241100x80000000000000004284150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7166fdf6999aeb232022-01-04 14:21:25.959root 11241100x80000000000000004284151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd1272ccb24bede2022-01-04 14:21:25.960root 11241100x80000000000000004284152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bde2b5149509b42022-01-04 14:21:25.960root 11241100x80000000000000004284153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3236a05394226392022-01-04 14:21:25.960root 11241100x80000000000000004284154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33fc5e2535a0ce72022-01-04 14:21:25.960root 11241100x80000000000000004284155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33113819a1c76f8d2022-01-04 14:21:25.960root 11241100x80000000000000004284156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5ddb27267a79bb2022-01-04 14:21:25.960root 11241100x80000000000000004284157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487b569d4a5542822022-01-04 14:21:25.961root 354300x80000000000000004284158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.030{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41574-false10.0.1.12-8000- 11241100x80000000000000004284159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5f10d2dd31de802022-01-04 14:21:26.459root 11241100x80000000000000004284160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e7a6679dce64cb2022-01-04 14:21:26.459root 11241100x80000000000000004284161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4629df651baf2d2022-01-04 14:21:26.460root 11241100x80000000000000004284162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734fff013d023d4d2022-01-04 14:21:26.460root 11241100x80000000000000004284163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d456dea4c6d5ee2022-01-04 14:21:26.460root 11241100x80000000000000004284164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d954c806efe7462022-01-04 14:21:26.460root 11241100x80000000000000004284165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3665646336be408e2022-01-04 14:21:26.460root 11241100x80000000000000004284166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb53299503114a12022-01-04 14:21:26.460root 11241100x80000000000000004284167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281397628be368802022-01-04 14:21:26.460root 11241100x80000000000000004284168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed444ae54c2222112022-01-04 14:21:26.460root 11241100x80000000000000004284169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54ecbe5cdcdd2ca2022-01-04 14:21:26.959root 11241100x80000000000000004284170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6c3dea82ea5c272022-01-04 14:21:26.959root 11241100x80000000000000004284171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b5e25d43bc39ed2022-01-04 14:21:26.959root 11241100x80000000000000004284172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8934c3c53269ae2022-01-04 14:21:26.959root 11241100x80000000000000004284173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ce35eb556fe9ce2022-01-04 14:21:26.960root 11241100x80000000000000004284174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615342e7def6e63c2022-01-04 14:21:26.960root 11241100x80000000000000004284175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71e3eb42a3d3c562022-01-04 14:21:26.960root 11241100x80000000000000004284176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e68d62968e5be72022-01-04 14:21:26.960root 11241100x80000000000000004284177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5dce0dba244e322022-01-04 14:21:26.960root 11241100x80000000000000004284178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42fb5ec31343a092022-01-04 14:21:26.960root 354300x80000000000000004284179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.145{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42056-false10.0.1.12-8089- 11241100x80000000000000004284180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d225b13220dfbed52022-01-04 14:21:27.459root 11241100x80000000000000004284181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d109985507a2c22022-01-04 14:21:27.460root 11241100x80000000000000004284182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc212380e541ace2022-01-04 14:21:27.460root 11241100x80000000000000004284183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49a4aa2ba9250332022-01-04 14:21:27.460root 11241100x80000000000000004284184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743d1ce671a7208d2022-01-04 14:21:27.460root 11241100x80000000000000004284185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bab842dd96f5cbf2022-01-04 14:21:27.460root 11241100x80000000000000004284186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f29d7fd6d8ae54e2022-01-04 14:21:27.460root 11241100x80000000000000004284187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c581a31aff59aaa22022-01-04 14:21:27.461root 11241100x80000000000000004284188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1009d83f4a9bf2992022-01-04 14:21:27.461root 11241100x80000000000000004284189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4bbd67fc062db72022-01-04 14:21:27.461root 11241100x80000000000000004284190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1ada88e1ff23272022-01-04 14:21:27.461root 11241100x80000000000000004284191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418567f8e0e1da7d2022-01-04 14:21:27.959root 11241100x80000000000000004284192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838b175ae31956232022-01-04 14:21:27.959root 11241100x80000000000000004284193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1730f91780de4cad2022-01-04 14:21:27.959root 11241100x80000000000000004284194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b306e6026d07f42022-01-04 14:21:27.960root 11241100x80000000000000004284195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e01bc18148d1db2022-01-04 14:21:27.960root 11241100x80000000000000004284196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4f0b72f6cb8ba62022-01-04 14:21:27.960root 11241100x80000000000000004284197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ffe9e27b23ca452022-01-04 14:21:27.960root 11241100x80000000000000004284198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb507bbb9fbe8e072022-01-04 14:21:27.960root 11241100x80000000000000004284199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb50cf886cc65b92022-01-04 14:21:27.960root 11241100x80000000000000004284200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181c5332504afe8a2022-01-04 14:21:27.960root 11241100x80000000000000004284201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12697a67c4f63e172022-01-04 14:21:27.960root 11241100x80000000000000004284202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7a8da1e8f46b432022-01-04 14:21:28.460root 11241100x80000000000000004284203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0703cc7851a1872022-01-04 14:21:28.460root 11241100x80000000000000004284204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a598f9c76d00c22022-01-04 14:21:28.460root 11241100x80000000000000004284205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4473c25f72113dd2022-01-04 14:21:28.460root 11241100x80000000000000004284206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f75ec8bc507c3a2022-01-04 14:21:28.460root 11241100x80000000000000004284207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb180f7056bb59e2022-01-04 14:21:28.460root 11241100x80000000000000004284208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8df4a9b40a897b2022-01-04 14:21:28.460root 11241100x80000000000000004284209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13c61328c3933f62022-01-04 14:21:28.460root 11241100x80000000000000004284210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa48ef99d712d5e2022-01-04 14:21:28.460root 11241100x80000000000000004284211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72539134df234352022-01-04 14:21:28.460root 11241100x80000000000000004284212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc3c0673a6f32822022-01-04 14:21:28.460root 11241100x80000000000000004284213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12711cfa83dbd1e02022-01-04 14:21:28.959root 11241100x80000000000000004284214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff443bc77e87ddf42022-01-04 14:21:28.959root 11241100x80000000000000004284215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d77b6c384232b182022-01-04 14:21:28.960root 11241100x80000000000000004284216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341de2febaac98742022-01-04 14:21:28.960root 11241100x80000000000000004284217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42aa5df08185eb0d2022-01-04 14:21:28.960root 11241100x80000000000000004284218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844dbad0627e27bc2022-01-04 14:21:28.960root 11241100x80000000000000004284219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd4adef2ad618f92022-01-04 14:21:28.960root 11241100x80000000000000004284220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0caafb934b7f9602022-01-04 14:21:28.960root 11241100x80000000000000004284221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf3579dddf075ce2022-01-04 14:21:28.960root 11241100x80000000000000004284222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6a14db72c8790c2022-01-04 14:21:28.960root 11241100x80000000000000004284223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6e3fb053dd57d52022-01-04 14:21:28.960root 11241100x80000000000000004284224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b095294a61a3ac2022-01-04 14:21:29.459root 11241100x80000000000000004284225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c6b7852d1e664f2022-01-04 14:21:29.459root 11241100x80000000000000004284226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a061e99a1959afb12022-01-04 14:21:29.460root 11241100x80000000000000004284227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97ecb20c646f5162022-01-04 14:21:29.460root 11241100x80000000000000004284228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae05fb6c0378db92022-01-04 14:21:29.460root 11241100x80000000000000004284229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d085d44d7841e59b2022-01-04 14:21:29.460root 11241100x80000000000000004284230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f90434a99fc1ca2022-01-04 14:21:29.460root 11241100x80000000000000004284231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be99406e77e883e2022-01-04 14:21:29.460root 11241100x80000000000000004284232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3304548a5384747e2022-01-04 14:21:29.460root 11241100x80000000000000004284233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7629945ff7719ae2022-01-04 14:21:29.460root 11241100x80000000000000004284234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe773cc7404a582022-01-04 14:21:29.460root 11241100x80000000000000004284235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae152d26f921aacb2022-01-04 14:21:29.960root 11241100x80000000000000004284236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270138a7fcf501fd2022-01-04 14:21:29.960root 11241100x80000000000000004284237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e72129d27f2c5d42022-01-04 14:21:29.960root 11241100x80000000000000004284238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849f792ba1764df42022-01-04 14:21:29.960root 11241100x80000000000000004284239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedb610062d133212022-01-04 14:21:29.960root 11241100x80000000000000004284240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7e8dc5a67e29842022-01-04 14:21:29.960root 11241100x80000000000000004284241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576fdfb387ae95182022-01-04 14:21:29.960root 11241100x80000000000000004284242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64c8cedaeb079db2022-01-04 14:21:29.960root 11241100x80000000000000004284243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc4eaddd03638032022-01-04 14:21:29.960root 11241100x80000000000000004284244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98f09ba0832238c2022-01-04 14:21:29.960root 11241100x80000000000000004284245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e5341f7640fabe2022-01-04 14:21:29.961root 11241100x80000000000000004284246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53498679fe2adaf2022-01-04 14:21:30.459root 11241100x80000000000000004284247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b14d715836a4d02022-01-04 14:21:30.459root 11241100x80000000000000004284248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df67cb98fe8ebc82022-01-04 14:21:30.460root 11241100x80000000000000004284249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fc05bc678e4cb52022-01-04 14:21:30.460root 11241100x80000000000000004284250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c9209051a76b092022-01-04 14:21:30.460root 11241100x80000000000000004284251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d480b9a41979122022-01-04 14:21:30.460root 11241100x80000000000000004284252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c945c3f50ff04c2022-01-04 14:21:30.460root 11241100x80000000000000004284253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fea3c9edc1597d32022-01-04 14:21:30.460root 11241100x80000000000000004284254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c553d14026c7a112022-01-04 14:21:30.460root 11241100x80000000000000004284255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b7c87e79ffac832022-01-04 14:21:30.460root 11241100x80000000000000004284256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c254e88551ece52022-01-04 14:21:30.460root 11241100x80000000000000004284257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2443b9d253102a2022-01-04 14:21:30.959root 11241100x80000000000000004284258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea955e1ec76383152022-01-04 14:21:30.959root 11241100x80000000000000004284259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbed989c26264fb2022-01-04 14:21:30.959root 11241100x80000000000000004284260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b14882beed00ba2022-01-04 14:21:30.960root 11241100x80000000000000004284261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec059a6e7acc1ca2022-01-04 14:21:30.960root 11241100x80000000000000004284262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6343bef94f87a6592022-01-04 14:21:30.960root 11241100x80000000000000004284263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a60052a6461f952022-01-04 14:21:30.960root 11241100x80000000000000004284264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e767446d784a7b42022-01-04 14:21:30.960root 11241100x80000000000000004284265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b3ec983a2ca112022-01-04 14:21:30.960root 11241100x80000000000000004284266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b52fcb82fceec4c2022-01-04 14:21:30.960root 11241100x80000000000000004284267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5d7db94b8631062022-01-04 14:21:30.960root 354300x80000000000000004284268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.189{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41578-false10.0.1.12-8000- 11241100x80000000000000004284269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:21:31.221root 11241100x80000000000000004284270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ed0b6e28b7b83c2022-01-04 14:21:31.222root 11241100x80000000000000004284271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3149b30f004b1482022-01-04 14:21:31.222root 11241100x80000000000000004284272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08842cfcd9e8e0d62022-01-04 14:21:31.223root 11241100x80000000000000004284273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8a1719a54df28b2022-01-04 14:21:31.223root 11241100x80000000000000004284274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23417209c2daa3892022-01-04 14:21:31.223root 11241100x80000000000000004284275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b49c331241619ec2022-01-04 14:21:31.223root 11241100x80000000000000004284276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09f0e49272ad4952022-01-04 14:21:31.223root 11241100x80000000000000004284277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac41f41d7b970e62022-01-04 14:21:31.223root 11241100x80000000000000004284278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626e8bcaafbd98e52022-01-04 14:21:31.223root 11241100x80000000000000004284279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dd8d391fd3be8d2022-01-04 14:21:31.223root 11241100x80000000000000004284280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a60891a2efddd42022-01-04 14:21:31.224root 11241100x80000000000000004284281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b23554c1ac122f2022-01-04 14:21:31.224root 11241100x80000000000000004284282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2fa466aa29b8382022-01-04 14:21:31.224root 11241100x80000000000000004284283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b654a794e4035e422022-01-04 14:21:31.224root 11241100x80000000000000004284284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0d7c5b13d77e9a2022-01-04 14:21:31.224root 11241100x80000000000000004284285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4854a89d6c55e3de2022-01-04 14:21:31.709root 11241100x80000000000000004284286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f3b476219f17d02022-01-04 14:21:31.709root 11241100x80000000000000004284287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900e06025af65b102022-01-04 14:21:31.710root 11241100x80000000000000004284288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9ff81902b4c4b22022-01-04 14:21:31.710root 11241100x80000000000000004284289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ab2fd97f99e7c12022-01-04 14:21:31.710root 11241100x80000000000000004284290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e279e3693336412022-01-04 14:21:31.710root 11241100x80000000000000004284291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10513b04623ab9102022-01-04 14:21:31.710root 11241100x80000000000000004284292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3aa45608f911a92022-01-04 14:21:31.710root 11241100x80000000000000004284293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17985a65cbe673ba2022-01-04 14:21:31.710root 11241100x80000000000000004284294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a461160157c796cb2022-01-04 14:21:31.710root 11241100x80000000000000004284295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ad68fdbe7b85022022-01-04 14:21:31.711root 11241100x80000000000000004284296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5946fde7184eed2022-01-04 14:21:31.712root 11241100x80000000000000004284297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144009a4bfee67862022-01-04 14:21:31.712root 11241100x80000000000000004284298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4283fb470b410d7e2022-01-04 14:21:32.209root 11241100x80000000000000004284299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e27100e61e009882022-01-04 14:21:32.210root 11241100x80000000000000004284300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f039d29b6357c22022-01-04 14:21:32.210root 11241100x80000000000000004284301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01610d4b4893b2412022-01-04 14:21:32.210root 11241100x80000000000000004284302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6935656acf72a12022-01-04 14:21:32.210root 11241100x80000000000000004284303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311555252579a7a22022-01-04 14:21:32.210root 11241100x80000000000000004284304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec1978fcf373ad92022-01-04 14:21:32.210root 11241100x80000000000000004284305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99592d8414d4cd082022-01-04 14:21:32.210root 11241100x80000000000000004284306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133a6b8a4edf54c92022-01-04 14:21:32.210root 11241100x80000000000000004284307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1133e95a2d29ad2022-01-04 14:21:32.210root 11241100x80000000000000004284308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e617da277373750a2022-01-04 14:21:32.210root 11241100x80000000000000004284309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad787439fdbedf22022-01-04 14:21:32.210root 11241100x80000000000000004284310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb00f8a23fe1ba6f2022-01-04 14:21:32.210root 11241100x80000000000000004284311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f005ca5e8673c8e12022-01-04 14:21:32.710root 11241100x80000000000000004284312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843236dd205765de2022-01-04 14:21:32.710root 11241100x80000000000000004284313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768c52a53c3e8b2c2022-01-04 14:21:32.710root 11241100x80000000000000004284314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d204826f32cf002022-01-04 14:21:32.710root 11241100x80000000000000004284315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89655d6b6261e1cf2022-01-04 14:21:32.710root 11241100x80000000000000004284316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f1ba4a8cd108e22022-01-04 14:21:32.710root 11241100x80000000000000004284317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f927d7578fa80242022-01-04 14:21:32.711root 11241100x80000000000000004284318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a224d04896ed60c2022-01-04 14:21:32.711root 11241100x80000000000000004284319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210323fe93c7dc462022-01-04 14:21:32.711root 11241100x80000000000000004284320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7d5f59000cc75e2022-01-04 14:21:32.711root 11241100x80000000000000004284321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050e146da68aee522022-01-04 14:21:32.711root 11241100x80000000000000004284322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c502c45341774e42022-01-04 14:21:32.711root 11241100x80000000000000004284323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e505a7db01b9732022-01-04 14:21:32.711root 11241100x80000000000000004284324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c77998935062bc92022-01-04 14:21:33.209root 11241100x80000000000000004284325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8d965fba7ef1242022-01-04 14:21:33.209root 11241100x80000000000000004284326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14a1d8953c2d7652022-01-04 14:21:33.210root 11241100x80000000000000004284327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2138752ce3cd1dc2022-01-04 14:21:33.210root 11241100x80000000000000004284328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06855bd68c61ec4f2022-01-04 14:21:33.210root 11241100x80000000000000004284329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f713cf60d05e815e2022-01-04 14:21:33.210root 11241100x80000000000000004284330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499e9a80db5839522022-01-04 14:21:33.210root 11241100x80000000000000004284331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614ff70b79fcc90d2022-01-04 14:21:33.210root 11241100x80000000000000004284332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae960a2de19c13722022-01-04 14:21:33.210root 11241100x80000000000000004284333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb200d72bbcb8552022-01-04 14:21:33.210root 11241100x80000000000000004284334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974dd0a6cea5a95b2022-01-04 14:21:33.210root 11241100x80000000000000004284335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6796485ac46a1c9f2022-01-04 14:21:33.210root 11241100x80000000000000004284336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee93a8a8bd59f9be2022-01-04 14:21:33.210root 11241100x80000000000000004284337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1425d57146254dbb2022-01-04 14:21:33.709root 11241100x80000000000000004284338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790d7b7c406fc85f2022-01-04 14:21:33.709root 11241100x80000000000000004284339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcc5e5f1db8e7832022-01-04 14:21:33.710root 11241100x80000000000000004284340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c914ec4c137cc9582022-01-04 14:21:33.710root 11241100x80000000000000004284341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102c4b99465de3952022-01-04 14:21:33.710root 11241100x80000000000000004284342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf333bee9ace72d92022-01-04 14:21:33.710root 11241100x80000000000000004284343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e4aabed5e0006c2022-01-04 14:21:33.710root 11241100x80000000000000004284344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3adb503183dfc232022-01-04 14:21:33.710root 11241100x80000000000000004284345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d4c6f4ad41d68f2022-01-04 14:21:33.710root 11241100x80000000000000004284346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324dc9e07fa210832022-01-04 14:21:33.710root 11241100x80000000000000004284347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71ad20e37828c652022-01-04 14:21:33.710root 11241100x80000000000000004284348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde4a7d99e0422572022-01-04 14:21:33.711root 11241100x80000000000000004284349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156881c8bf7019012022-01-04 14:21:33.711root 11241100x80000000000000004284350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efacfba5d85ce7a62022-01-04 14:21:34.209root 11241100x80000000000000004284351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8858eba1478aed72022-01-04 14:21:34.210root 11241100x80000000000000004284352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9de342c7f886d82022-01-04 14:21:34.210root 11241100x80000000000000004284353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6242d1b816ca04582022-01-04 14:21:34.210root 11241100x80000000000000004284354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bdbf9998f071ad2022-01-04 14:21:34.210root 11241100x80000000000000004284355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b703d7b86f1509a2022-01-04 14:21:34.210root 11241100x80000000000000004284356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56182c099e0cffea2022-01-04 14:21:34.210root 11241100x80000000000000004284357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81623de18edcd8b22022-01-04 14:21:34.210root 11241100x80000000000000004284358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a5b1f1032b1d472022-01-04 14:21:34.210root 11241100x80000000000000004284359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6db506bbe41efc2022-01-04 14:21:34.211root 11241100x80000000000000004284360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec10406e5c89d4a72022-01-04 14:21:34.211root 11241100x80000000000000004284361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ebd9451213d6102022-01-04 14:21:34.211root 11241100x80000000000000004284362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0086f3f16e688f2022-01-04 14:21:34.211root 23542300x80000000000000004284363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.223{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004284364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbf80f2538edb802022-01-04 14:21:34.709root 11241100x80000000000000004284365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea6f39b802a8ad92022-01-04 14:21:34.711root 11241100x80000000000000004284366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fb2c9345f706242022-01-04 14:21:34.711root 11241100x80000000000000004284367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5e7a65bef4562b2022-01-04 14:21:34.711root 11241100x80000000000000004284368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e131b3f7da0b29042022-01-04 14:21:34.711root 11241100x80000000000000004284369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17377b4a1a2eb6cf2022-01-04 14:21:34.711root 11241100x80000000000000004284370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbcfc1f68b8ede02022-01-04 14:21:34.711root 11241100x80000000000000004284371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5508d3cf068d41832022-01-04 14:21:34.711root 11241100x80000000000000004284372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a735f0df4d6a002022-01-04 14:21:34.711root 11241100x80000000000000004284373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d0706d19ac3dd72022-01-04 14:21:34.711root 11241100x80000000000000004284374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbeff99084c89da92022-01-04 14:21:34.711root 11241100x80000000000000004284375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92e5fd3860fbf772022-01-04 14:21:34.712root 11241100x80000000000000004284376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06377a1352fbf1b2022-01-04 14:21:34.712root 11241100x80000000000000004284377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e406a0ec2f34de2a2022-01-04 14:21:34.712root 11241100x80000000000000004284378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b52acdce7e009c2022-01-04 14:21:35.209root 11241100x80000000000000004284379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0da1f9866597182022-01-04 14:21:35.210root 11241100x80000000000000004284380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c27d7f34f86ee612022-01-04 14:21:35.210root 11241100x80000000000000004284381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08d7c42c1e444322022-01-04 14:21:35.210root 11241100x80000000000000004284382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb0737bb88666782022-01-04 14:21:35.210root 11241100x80000000000000004284383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db9b6a0fd9a6d392022-01-04 14:21:35.210root 11241100x80000000000000004284384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ea9ebe31e4150e2022-01-04 14:21:35.210root 11241100x80000000000000004284385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42151d998593290b2022-01-04 14:21:35.210root 11241100x80000000000000004284386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbe6e9915522db12022-01-04 14:21:35.210root 11241100x80000000000000004284387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634e2063481fd3232022-01-04 14:21:35.210root 11241100x80000000000000004284388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10415643c117bf722022-01-04 14:21:35.210root 11241100x80000000000000004284389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433cf2db48b559242022-01-04 14:21:35.210root 11241100x80000000000000004284390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3220eb62133e3db02022-01-04 14:21:35.210root 11241100x80000000000000004284391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21d3662c792f1322022-01-04 14:21:35.210root 11241100x80000000000000004284392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6845220430483f3a2022-01-04 14:21:35.710root 11241100x80000000000000004284393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50221130d3fb8102022-01-04 14:21:35.711root 11241100x80000000000000004284394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ebecdf97ec1a0b2022-01-04 14:21:35.711root 11241100x80000000000000004284395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dd263d3dc04d152022-01-04 14:21:35.711root 11241100x80000000000000004284396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92c22764a39d43a2022-01-04 14:21:35.711root 11241100x80000000000000004284397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ad2530ad1b49602022-01-04 14:21:35.712root 11241100x80000000000000004284398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863c1b6f539ae3ce2022-01-04 14:21:35.712root 11241100x80000000000000004284399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1ad745882525282022-01-04 14:21:35.712root 11241100x80000000000000004284400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910dd756800f058c2022-01-04 14:21:35.712root 11241100x80000000000000004284401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaa76816f2a13312022-01-04 14:21:35.712root 11241100x80000000000000004284402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd29bc0f046e0ae2022-01-04 14:21:35.712root 11241100x80000000000000004284403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9843d5e8b962d2202022-01-04 14:21:35.712root 11241100x80000000000000004284404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681e0764e1aff9b92022-01-04 14:21:35.712root 11241100x80000000000000004284405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9705426e970be35d2022-01-04 14:21:35.712root 11241100x80000000000000004284406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0282761ec7c7b52022-01-04 14:21:36.209root 11241100x80000000000000004284407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366fa9d60a5672632022-01-04 14:21:36.210root 11241100x80000000000000004284408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b7778a1eed74072022-01-04 14:21:36.210root 11241100x80000000000000004284409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470721212513bca92022-01-04 14:21:36.210root 11241100x80000000000000004284410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a9537efc5b02242022-01-04 14:21:36.210root 11241100x80000000000000004284411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892939aac034a1792022-01-04 14:21:36.210root 11241100x80000000000000004284412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb9c9667887ea6e2022-01-04 14:21:36.210root 11241100x80000000000000004284413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc111ff6792786b92022-01-04 14:21:36.210root 11241100x80000000000000004284414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fe1661943ce9e72022-01-04 14:21:36.210root 11241100x80000000000000004284415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e15bb37401fb8c2022-01-04 14:21:36.210root 11241100x80000000000000004284416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a4fdd5c191b9ec2022-01-04 14:21:36.210root 11241100x80000000000000004284417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710b39ffa0a5ebda2022-01-04 14:21:36.210root 11241100x80000000000000004284418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec09b8b421069a082022-01-04 14:21:36.210root 11241100x80000000000000004284419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1672a7d4664daf9e2022-01-04 14:21:36.210root 11241100x80000000000000004284420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3048ca754104802022-01-04 14:21:36.709root 11241100x80000000000000004284421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98c2b5ec598e8912022-01-04 14:21:36.710root 11241100x80000000000000004284422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f3501cfd01002a2022-01-04 14:21:36.710root 11241100x80000000000000004284423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004d0062b18792192022-01-04 14:21:36.710root 11241100x80000000000000004284424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fd620688005a182022-01-04 14:21:36.710root 11241100x80000000000000004284425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f24c58c3f635e482022-01-04 14:21:36.710root 11241100x80000000000000004284426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e82b439ec6756492022-01-04 14:21:36.710root 11241100x80000000000000004284427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9be2f872f799582022-01-04 14:21:36.710root 11241100x80000000000000004284428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d647dc08d9a6d2242022-01-04 14:21:36.710root 11241100x80000000000000004284429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8feabaa466c663e2022-01-04 14:21:36.710root 11241100x80000000000000004284430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593e6efa332301a82022-01-04 14:21:36.710root 11241100x80000000000000004284431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd6b1f02cce4b262022-01-04 14:21:36.711root 11241100x80000000000000004284432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49bbdcdcea390802022-01-04 14:21:36.711root 11241100x80000000000000004284433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa2460253ee913f2022-01-04 14:21:36.711root 354300x80000000000000004284434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.057{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41580-false10.0.1.12-8000- 11241100x80000000000000004284435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45933a087b62b8e52022-01-04 14:21:37.058root 11241100x80000000000000004284436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33233b48d36d42e62022-01-04 14:21:37.058root 11241100x80000000000000004284437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d02e0a031d68fa2022-01-04 14:21:37.058root 11241100x80000000000000004284438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a887dce4afda6f2022-01-04 14:21:37.058root 11241100x80000000000000004284439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79711e94da7127d12022-01-04 14:21:37.059root 11241100x80000000000000004284440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e1b6de8a2599172022-01-04 14:21:37.059root 11241100x80000000000000004284441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ed7dc2b4feebd82022-01-04 14:21:37.059root 11241100x80000000000000004284442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862e6c76c3054e842022-01-04 14:21:37.059root 11241100x80000000000000004284443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ce19fc116a82602022-01-04 14:21:37.059root 11241100x80000000000000004284444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ccbb38fed0253e2022-01-04 14:21:37.059root 11241100x80000000000000004284445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98bddd52e4fef122022-01-04 14:21:37.059root 11241100x80000000000000004284446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7e8bb6998252402022-01-04 14:21:37.059root 11241100x80000000000000004284447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0131b602a1e432d42022-01-04 14:21:37.059root 11241100x80000000000000004284448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720fb16f44185c5d2022-01-04 14:21:37.059root 11241100x80000000000000004284449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.059{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913894ea5bf223a82022-01-04 14:21:37.059root 11241100x80000000000000004284450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fd3b297c0fee3f2022-01-04 14:21:37.459root 11241100x80000000000000004284451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad814adb2405afcd2022-01-04 14:21:37.460root 11241100x80000000000000004284452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf509a0945567522022-01-04 14:21:37.460root 11241100x80000000000000004284453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ba95d8544341862022-01-04 14:21:37.460root 11241100x80000000000000004284454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f398228fb5c91d82022-01-04 14:21:37.460root 11241100x80000000000000004284455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d412fab16fdeed2022-01-04 14:21:37.460root 11241100x80000000000000004284456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bb3328aa0061c2022-01-04 14:21:37.460root 11241100x80000000000000004284457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbaefae31d193dc2022-01-04 14:21:37.460root 11241100x80000000000000004284458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ca120915e0b8252022-01-04 14:21:37.460root 11241100x80000000000000004284459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff08880adab58fe2022-01-04 14:21:37.460root 11241100x80000000000000004284460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ecea7b548f74852022-01-04 14:21:37.460root 11241100x80000000000000004284461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a991d4e7f0a1c8832022-01-04 14:21:37.460root 11241100x80000000000000004284462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ca408fdd198d662022-01-04 14:21:37.460root 11241100x80000000000000004284463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466dde1514c63f562022-01-04 14:21:37.460root 11241100x80000000000000004284464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a54ca704e0e315a2022-01-04 14:21:37.460root 11241100x80000000000000004284465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3d425ad3b161e52022-01-04 14:21:37.959root 11241100x80000000000000004284466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd829d61e66ff2042022-01-04 14:21:37.960root 11241100x80000000000000004284467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912024a4029e1ed2022-01-04 14:21:37.960root 11241100x80000000000000004284468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb7e3a53e79c11e2022-01-04 14:21:37.960root 11241100x80000000000000004284469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740c308c65a600632022-01-04 14:21:37.960root 11241100x80000000000000004284470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339dd3ef9fb8d3e32022-01-04 14:21:37.960root 11241100x80000000000000004284471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc74a491f45ce0c2022-01-04 14:21:37.960root 11241100x80000000000000004284472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e803a733bb38e0e92022-01-04 14:21:37.960root 11241100x80000000000000004284473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcd4530ec710fa62022-01-04 14:21:37.960root 11241100x80000000000000004284474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be19d9abba4363a62022-01-04 14:21:37.960root 11241100x80000000000000004284475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2d7469b63a9f3b2022-01-04 14:21:37.960root 11241100x80000000000000004284476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77b272ddb6697882022-01-04 14:21:37.960root 11241100x80000000000000004284477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3d8b92d2e858182022-01-04 14:21:37.960root 11241100x80000000000000004284478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b642cd5f24930992022-01-04 14:21:37.960root 11241100x80000000000000004284479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb28babeff310c32022-01-04 14:21:37.960root 11241100x80000000000000004284480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7034df55dae38442022-01-04 14:21:38.459root 11241100x80000000000000004284481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ec7d27295a8b6e2022-01-04 14:21:38.460root 11241100x80000000000000004284482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd170d88d49338692022-01-04 14:21:38.460root 11241100x80000000000000004284483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f14d2bdf1823e82022-01-04 14:21:38.460root 11241100x80000000000000004284484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e970fd004a5d14ae2022-01-04 14:21:38.460root 11241100x80000000000000004284485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7ceca1fb4127ac2022-01-04 14:21:38.460root 11241100x80000000000000004284486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b1fbce72f4971b2022-01-04 14:21:38.460root 11241100x80000000000000004284487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114a09dc0e7c5b752022-01-04 14:21:38.460root 11241100x80000000000000004284488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0eb114ba171c2bf2022-01-04 14:21:38.460root 11241100x80000000000000004284489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb6e0f2d69bab572022-01-04 14:21:38.460root 11241100x80000000000000004284490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9452a32e355f0e2022-01-04 14:21:38.460root 11241100x80000000000000004284491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ae11c3704153d72022-01-04 14:21:38.460root 11241100x80000000000000004284492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512c959fb17afe642022-01-04 14:21:38.460root 11241100x80000000000000004284493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3f07db80c25d702022-01-04 14:21:38.460root 11241100x80000000000000004284494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbed5e0e000ab1212022-01-04 14:21:38.461root 11241100x80000000000000004284495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a5e44b71d311b82022-01-04 14:21:38.959root 11241100x80000000000000004284496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43e52620c6e002a2022-01-04 14:21:38.960root 11241100x80000000000000004284497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd41fa4371f2ee422022-01-04 14:21:38.960root 11241100x80000000000000004284498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5111c888d1b38532022-01-04 14:21:38.960root 11241100x80000000000000004284499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8920cf8b173b5d2022-01-04 14:21:38.960root 11241100x80000000000000004284500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6215f6ecb999df2022-01-04 14:21:38.960root 11241100x80000000000000004284501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692a2f5b20d47a1b2022-01-04 14:21:38.960root 11241100x80000000000000004284502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9216f1c54995cb7a2022-01-04 14:21:38.960root 11241100x80000000000000004284503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71ed202fd412b0c2022-01-04 14:21:38.960root 11241100x80000000000000004284504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4c1b69a1314ed92022-01-04 14:21:38.960root 11241100x80000000000000004284505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfa5e3cb1836a972022-01-04 14:21:38.960root 11241100x80000000000000004284506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab7fe5a65d9a9f02022-01-04 14:21:38.960root 11241100x80000000000000004284507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e61a267cb7fd142022-01-04 14:21:38.961root 11241100x80000000000000004284508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6bfc93222d0aca2022-01-04 14:21:38.961root 11241100x80000000000000004284509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d71cece2401a0052022-01-04 14:21:38.961root 11241100x80000000000000004284510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c1022f2ff3c4ac2022-01-04 14:21:39.459root 11241100x80000000000000004284511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec5c4a135336cde2022-01-04 14:21:39.460root 11241100x80000000000000004284512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45ea76c6f1135f32022-01-04 14:21:39.460root 11241100x80000000000000004284513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b42d08446b11312022-01-04 14:21:39.460root 11241100x80000000000000004284514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd0a739d4498f372022-01-04 14:21:39.460root 11241100x80000000000000004284515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc4b51310ff92992022-01-04 14:21:39.460root 11241100x80000000000000004284516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655aab89ac250e462022-01-04 14:21:39.460root 11241100x80000000000000004284517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d50cba315e60b02022-01-04 14:21:39.460root 11241100x80000000000000004284518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589a28df9ef9d83e2022-01-04 14:21:39.460root 11241100x80000000000000004284519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ae81f30525b79d2022-01-04 14:21:39.460root 11241100x80000000000000004284520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f6efb520d352e02022-01-04 14:21:39.460root 11241100x80000000000000004284521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deefcdc4938caeb2022-01-04 14:21:39.461root 11241100x80000000000000004284522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb0e7ea4f1a3bd12022-01-04 14:21:39.461root 11241100x80000000000000004284523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623b26a48d5778272022-01-04 14:21:39.461root 11241100x80000000000000004284524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5116b982cf0b66e42022-01-04 14:21:39.461root 11241100x80000000000000004284525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e8d8e678dea4492022-01-04 14:21:39.959root 11241100x80000000000000004284526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7925c8ddc2947ad2022-01-04 14:21:39.960root 11241100x80000000000000004284527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c31322abebb68d2022-01-04 14:21:39.960root 11241100x80000000000000004284528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c007a8401e8252022-01-04 14:21:39.960root 11241100x80000000000000004284529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4f733275beb7582022-01-04 14:21:39.960root 11241100x80000000000000004284530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb69dba9c7ca3712022-01-04 14:21:39.960root 11241100x80000000000000004284531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b02beddda49bc52022-01-04 14:21:39.960root 11241100x80000000000000004284532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024ece6fa1c336af2022-01-04 14:21:39.960root 11241100x80000000000000004284533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294f23a277c0ba132022-01-04 14:21:39.960root 11241100x80000000000000004284534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9939633ad63c31b2022-01-04 14:21:39.960root 11241100x80000000000000004284535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a0d154a10a41962022-01-04 14:21:39.961root 11241100x80000000000000004284536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c419690ebbf50bf2022-01-04 14:21:39.961root 11241100x80000000000000004284537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4194e77b28f335c2022-01-04 14:21:39.961root 11241100x80000000000000004284538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a419a5efe7c9ad12022-01-04 14:21:39.961root 11241100x80000000000000004284539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50c76e64056cd522022-01-04 14:21:39.961root 11241100x80000000000000004284540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c74284ffd2129a2022-01-04 14:21:40.459root 11241100x80000000000000004284541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab4332fb843ae802022-01-04 14:21:40.459root 11241100x80000000000000004284542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac46e09322dfbcf22022-01-04 14:21:40.459root 11241100x80000000000000004284543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0806f6cbfcafbcb92022-01-04 14:21:40.459root 11241100x80000000000000004284544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcf331926615e382022-01-04 14:21:40.459root 11241100x80000000000000004284545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5749652c757e066f2022-01-04 14:21:40.460root 11241100x80000000000000004284546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd9b5c94ea5c18d2022-01-04 14:21:40.460root 11241100x80000000000000004284547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0626e7bc16655ffa2022-01-04 14:21:40.460root 11241100x80000000000000004284548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2921d3d2b294f442022-01-04 14:21:40.460root 11241100x80000000000000004284549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f670804d2d3aa0182022-01-04 14:21:40.460root 11241100x80000000000000004284550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c957b2a25e362f2022-01-04 14:21:40.460root 11241100x80000000000000004284551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ec681926b53c4b2022-01-04 14:21:40.460root 11241100x80000000000000004284552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3252129f3d907d5f2022-01-04 14:21:40.460root 11241100x80000000000000004284553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08db56b599f5a3822022-01-04 14:21:40.460root 11241100x80000000000000004284554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3044158746b13e0d2022-01-04 14:21:40.460root 11241100x80000000000000004284555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02f80704cf903322022-01-04 14:21:40.959root 11241100x80000000000000004284556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de322d038bed6952022-01-04 14:21:40.960root 11241100x80000000000000004284557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f220d9d7b0c9113a2022-01-04 14:21:40.960root 11241100x80000000000000004284558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44db00a2d3eed0592022-01-04 14:21:40.960root 11241100x80000000000000004284559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad52be073defb40b2022-01-04 14:21:40.960root 11241100x80000000000000004284560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e87b08f9cd6cc82022-01-04 14:21:40.960root 11241100x80000000000000004284561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735daeb470beefbb2022-01-04 14:21:40.960root 11241100x80000000000000004284562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b22bf459363163d2022-01-04 14:21:40.960root 11241100x80000000000000004284563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac87dd1d78d173d92022-01-04 14:21:40.960root 11241100x80000000000000004284564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bb58f7021edbd22022-01-04 14:21:40.960root 11241100x80000000000000004284565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287e29d2a11c39152022-01-04 14:21:40.960root 11241100x80000000000000004284566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5caf08a5630a66a2022-01-04 14:21:40.960root 11241100x80000000000000004284567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a726f6d33b8e3a502022-01-04 14:21:40.960root 11241100x80000000000000004284568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0589d18e429f1d2022-01-04 14:21:40.960root 11241100x80000000000000004284569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaf404c321d018c2022-01-04 14:21:40.960root 11241100x80000000000000004284570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f18ebc6620d0292022-01-04 14:21:41.459root 11241100x80000000000000004284571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de432643adf37842022-01-04 14:21:41.459root 11241100x80000000000000004284572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f99dec200d6fd4f2022-01-04 14:21:41.459root 11241100x80000000000000004284573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3182d4c19c135b2022-01-04 14:21:41.459root 11241100x80000000000000004284574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7332bff8f3ec8cac2022-01-04 14:21:41.459root 11241100x80000000000000004284575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d8f04f16d7544c2022-01-04 14:21:41.459root 11241100x80000000000000004284576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f123895754b26b32022-01-04 14:21:41.459root 11241100x80000000000000004284577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd19297b12b731d2022-01-04 14:21:41.460root 11241100x80000000000000004284578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b59eb9064e2e182022-01-04 14:21:41.460root 11241100x80000000000000004284579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361ce348435f59632022-01-04 14:21:41.460root 11241100x80000000000000004284580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f1461592ded4f02022-01-04 14:21:41.460root 11241100x80000000000000004284581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7688b0d1fa02218c2022-01-04 14:21:41.460root 11241100x80000000000000004284582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba2aa108b6046eb2022-01-04 14:21:41.460root 11241100x80000000000000004284583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4038415f59c3f712022-01-04 14:21:41.460root 11241100x80000000000000004284584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38abe7f5270d4ae2022-01-04 14:21:41.460root 11241100x80000000000000004284585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b6c672faf93bfd2022-01-04 14:21:41.959root 11241100x80000000000000004284586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d5ee069e54ebd22022-01-04 14:21:41.960root 11241100x80000000000000004284587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e61ed8261f11342022-01-04 14:21:41.960root 11241100x80000000000000004284588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703768ee6a997f8b2022-01-04 14:21:41.960root 11241100x80000000000000004284589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b837643dbf083ec72022-01-04 14:21:41.960root 11241100x80000000000000004284590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4555a82987444e2022-01-04 14:21:41.960root 11241100x80000000000000004284591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53bbe422c9771e02022-01-04 14:21:41.960root 11241100x80000000000000004284592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bd7fbd456b34312022-01-04 14:21:41.960root 11241100x80000000000000004284593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b3ab7614f925982022-01-04 14:21:41.960root 11241100x80000000000000004284594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e61cea1a66852b32022-01-04 14:21:41.960root 11241100x80000000000000004284595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732351dbb5cec2e32022-01-04 14:21:41.960root 11241100x80000000000000004284596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afbb189f7daf43a2022-01-04 14:21:41.961root 11241100x80000000000000004284597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdfca6d4025f2e82022-01-04 14:21:41.961root 11241100x80000000000000004284598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cf748b0b5a03692022-01-04 14:21:41.961root 11241100x80000000000000004284599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ab7a5fc621fdfa2022-01-04 14:21:41.961root 354300x80000000000000004284600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.205{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41582-false10.0.1.12-8000- 11241100x80000000000000004284601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d8191205f287c32022-01-04 14:21:42.459root 11241100x80000000000000004284602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dcfe9c3f439f3d2022-01-04 14:21:42.459root 11241100x80000000000000004284603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e99055658a2205a2022-01-04 14:21:42.460root 11241100x80000000000000004284604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2947f03c5f8ca72022-01-04 14:21:42.460root 11241100x80000000000000004284605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88685363472bfcdd2022-01-04 14:21:42.460root 11241100x80000000000000004284606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89439fec51b9af6f2022-01-04 14:21:42.460root 11241100x80000000000000004284607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d23bca02d09a7ff2022-01-04 14:21:42.460root 11241100x80000000000000004284608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7204cbefffbba262022-01-04 14:21:42.460root 11241100x80000000000000004284609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfa48ca11174b852022-01-04 14:21:42.460root 11241100x80000000000000004284610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7279a01acdce9db42022-01-04 14:21:42.460root 11241100x80000000000000004284611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ad38285abf37732022-01-04 14:21:42.460root 11241100x80000000000000004284612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921a66927d0b85d82022-01-04 14:21:42.461root 11241100x80000000000000004284613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ee49f4831aa25c2022-01-04 14:21:42.461root 11241100x80000000000000004284614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e72816d1d4186e2022-01-04 14:21:42.461root 11241100x80000000000000004284615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba9e7b7f8b6b9cd2022-01-04 14:21:42.461root 11241100x80000000000000004284616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079326bb07127c662022-01-04 14:21:42.461root 11241100x80000000000000004284617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b48bc1e489d5582022-01-04 14:21:42.959root 11241100x80000000000000004284618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5c4facecf4ebd42022-01-04 14:21:42.959root 11241100x80000000000000004284619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a016ce03ea8c262022-01-04 14:21:42.959root 11241100x80000000000000004284620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ef49ac08ac1ad32022-01-04 14:21:42.959root 11241100x80000000000000004284621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb3130bd55392382022-01-04 14:21:42.959root 11241100x80000000000000004284622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10672dbbf880b7c2022-01-04 14:21:42.960root 11241100x80000000000000004284623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e589861d677dca002022-01-04 14:21:42.960root 11241100x80000000000000004284624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0250ec51dbd5515c2022-01-04 14:21:42.960root 11241100x80000000000000004284625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569eaeb8f844f1cf2022-01-04 14:21:42.960root 11241100x80000000000000004284626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17fc20c029ea8c62022-01-04 14:21:42.960root 11241100x80000000000000004284627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef04d77b7a17c752022-01-04 14:21:42.960root 11241100x80000000000000004284628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e572d94a05d88a42022-01-04 14:21:42.960root 11241100x80000000000000004284629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3fb41fd14f7bad2022-01-04 14:21:42.960root 11241100x80000000000000004284630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e81e9e707c62f782022-01-04 14:21:42.960root 11241100x80000000000000004284631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179b1f1c6a3057432022-01-04 14:21:42.960root 11241100x80000000000000004284632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a79e13abb1fd1ce2022-01-04 14:21:42.960root 11241100x80000000000000004284633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37edee8223323ce32022-01-04 14:21:42.960root 11241100x80000000000000004284634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb08c1ce602b01132022-01-04 14:21:43.459root 11241100x80000000000000004284635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90e0f7e92f25cf82022-01-04 14:21:43.459root 11241100x80000000000000004284636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9504224bba7aceb02022-01-04 14:21:43.460root 11241100x80000000000000004284637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aea366e7243c1882022-01-04 14:21:43.460root 11241100x80000000000000004284638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aa5549e3fc88492022-01-04 14:21:43.460root 11241100x80000000000000004284639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c28a331436a982022-01-04 14:21:43.460root 11241100x80000000000000004284640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb981cdae810bef2022-01-04 14:21:43.460root 11241100x80000000000000004284641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7529f6d6bae8bf2022-01-04 14:21:43.460root 11241100x80000000000000004284642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f431a36a1049135e2022-01-04 14:21:43.460root 11241100x80000000000000004284643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc4021e25207b902022-01-04 14:21:43.460root 11241100x80000000000000004284644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95efd094391356a2022-01-04 14:21:43.460root 11241100x80000000000000004284645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4ed5e15a298c572022-01-04 14:21:43.460root 11241100x80000000000000004284646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463e2555893fe47d2022-01-04 14:21:43.460root 11241100x80000000000000004284647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229eb8a52a0594fa2022-01-04 14:21:43.461root 11241100x80000000000000004284648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13de761ba85005ea2022-01-04 14:21:43.461root 11241100x80000000000000004284649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f113b9853c1c9b2022-01-04 14:21:43.461root 11241100x80000000000000004284650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75a4f8c9901be3e2022-01-04 14:21:43.959root 11241100x80000000000000004284651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9665a54f311411da2022-01-04 14:21:43.960root 11241100x80000000000000004284652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dee94827b00a8442022-01-04 14:21:43.960root 11241100x80000000000000004284653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c7a4c0a74423072022-01-04 14:21:43.960root 11241100x80000000000000004284654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea490030160030b2022-01-04 14:21:43.960root 11241100x80000000000000004284655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013de66a2faee1b62022-01-04 14:21:43.960root 11241100x80000000000000004284656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc118fa264934fc12022-01-04 14:21:43.960root 11241100x80000000000000004284657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63b00624b04c0b52022-01-04 14:21:43.960root 11241100x80000000000000004284658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0d555247855e5d2022-01-04 14:21:43.960root 11241100x80000000000000004284659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682e438c06cda3e32022-01-04 14:21:43.960root 11241100x80000000000000004284660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9747694547e544b2022-01-04 14:21:43.961root 11241100x80000000000000004284661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a21fded4503001d2022-01-04 14:21:43.961root 11241100x80000000000000004284662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec0e0eb6e33c6462022-01-04 14:21:43.961root 11241100x80000000000000004284663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0133aeb3b9ade6f2022-01-04 14:21:43.961root 11241100x80000000000000004284664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27504568519fb042022-01-04 14:21:43.961root 11241100x80000000000000004284665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60936fd73d374f322022-01-04 14:21:43.961root 11241100x80000000000000004284666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3ea23026b3543a2022-01-04 14:21:44.459root 11241100x80000000000000004284667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bb16e2fe2089482022-01-04 14:21:44.459root 11241100x80000000000000004284668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6806b31968a1b52022-01-04 14:21:44.459root 11241100x80000000000000004284669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9addc14693abca72022-01-04 14:21:44.459root 11241100x80000000000000004284670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5851f5f6ab01b0022022-01-04 14:21:44.460root 11241100x80000000000000004284671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e412d5c6da1292022-01-04 14:21:44.460root 11241100x80000000000000004284672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089ec977b88266842022-01-04 14:21:44.460root 11241100x80000000000000004284673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27726a3190148d422022-01-04 14:21:44.460root 11241100x80000000000000004284674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3ed6f0c3a22c2f2022-01-04 14:21:44.460root 11241100x80000000000000004284675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca69cd6e5bcda8142022-01-04 14:21:44.460root 11241100x80000000000000004284676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4ca54b75e8037d2022-01-04 14:21:44.460root 11241100x80000000000000004284677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367d6004384d30282022-01-04 14:21:44.460root 11241100x80000000000000004284678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce251bf92dcab772022-01-04 14:21:44.460root 11241100x80000000000000004284679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de06eeb0b16beff92022-01-04 14:21:44.460root 11241100x80000000000000004284680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db05c08810e27ca52022-01-04 14:21:44.461root 11241100x80000000000000004284681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed994f34d0aebdb32022-01-04 14:21:44.461root 11241100x80000000000000004284682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab40bc49d14a63e2022-01-04 14:21:44.959root 11241100x80000000000000004284683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531aa7a921092d1f2022-01-04 14:21:44.960root 11241100x80000000000000004284684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714999b5b03d08692022-01-04 14:21:44.960root 11241100x80000000000000004284685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8665b77309a1bb2022-01-04 14:21:44.961root 11241100x80000000000000004284686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b48bb66138c5df62022-01-04 14:21:44.961root 11241100x80000000000000004284687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed95eb2e690844662022-01-04 14:21:44.961root 11241100x80000000000000004284688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92b13736c8e7b802022-01-04 14:21:44.961root 11241100x80000000000000004284689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fbe727eed331af2022-01-04 14:21:44.961root 11241100x80000000000000004284690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce91f7b768d9ad842022-01-04 14:21:44.961root 11241100x80000000000000004284691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892dbc79d3a6be822022-01-04 14:21:44.961root 11241100x80000000000000004284692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fc86714083f05a2022-01-04 14:21:44.961root 11241100x80000000000000004284693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c3e82e979f94662022-01-04 14:21:44.961root 11241100x80000000000000004284694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcb035cc27d646d2022-01-04 14:21:44.961root 11241100x80000000000000004284695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c8cdc288206e9e2022-01-04 14:21:44.961root 11241100x80000000000000004284696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bf6965df03b1d92022-01-04 14:21:44.961root 11241100x80000000000000004284697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed345b18db83c7e12022-01-04 14:21:44.961root 11241100x80000000000000004284698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3999a88463437ea82022-01-04 14:21:45.459root 11241100x80000000000000004284699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793fa8550743653a2022-01-04 14:21:45.460root 11241100x80000000000000004284700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6099b4f5e360732022-01-04 14:21:45.460root 11241100x80000000000000004284701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12441d703602e852022-01-04 14:21:45.460root 11241100x80000000000000004284702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8949c583b0fd58162022-01-04 14:21:45.460root 11241100x80000000000000004284703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67abc171e99fdea12022-01-04 14:21:45.461root 11241100x80000000000000004284704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f21afa374fcd0e52022-01-04 14:21:45.461root 11241100x80000000000000004284705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7859d173b05525c2022-01-04 14:21:45.461root 11241100x80000000000000004284706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b5716ee11fff422022-01-04 14:21:45.461root 11241100x80000000000000004284707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c784d4cb73644b6b2022-01-04 14:21:45.461root 11241100x80000000000000004284708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1ab2ba718295882022-01-04 14:21:45.462root 11241100x80000000000000004284709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33799e67a9a45412022-01-04 14:21:45.462root 11241100x80000000000000004284710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136a6b5460c8d8542022-01-04 14:21:45.462root 11241100x80000000000000004284711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635112d43a18b7a12022-01-04 14:21:45.462root 11241100x80000000000000004284712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b948a83ce6f1ef2022-01-04 14:21:45.463root 11241100x80000000000000004284713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f5d731eea12b302022-01-04 14:21:45.463root 11241100x80000000000000004284714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566f46ae788fb8b12022-01-04 14:21:45.959root 11241100x80000000000000004284715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643ad41a8881de972022-01-04 14:21:45.960root 11241100x80000000000000004284716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ce9d140e4cdeb02022-01-04 14:21:45.960root 11241100x80000000000000004284717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80aa62eb56373a52022-01-04 14:21:45.960root 11241100x80000000000000004284718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbb8828eff8cd9c2022-01-04 14:21:45.960root 11241100x80000000000000004284719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05351954991106402022-01-04 14:21:45.960root 11241100x80000000000000004284720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d7b84d0ed241982022-01-04 14:21:45.960root 11241100x80000000000000004284721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db331b0032808a32022-01-04 14:21:45.960root 11241100x80000000000000004284722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa343c45780e5972022-01-04 14:21:45.960root 11241100x80000000000000004284723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622a91677e3258962022-01-04 14:21:45.960root 11241100x80000000000000004284724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcac4543e8621c322022-01-04 14:21:45.960root 11241100x80000000000000004284725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72d5ce2d406b77e2022-01-04 14:21:45.960root 11241100x80000000000000004284726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1ed7ab52e63c522022-01-04 14:21:45.960root 11241100x80000000000000004284727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f956717e4ad84df92022-01-04 14:21:45.960root 11241100x80000000000000004284728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08d8236bc60efa42022-01-04 14:21:45.960root 11241100x80000000000000004284729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cfbf95b9b295ed2022-01-04 14:21:45.960root 11241100x80000000000000004284730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1973707442a6003c2022-01-04 14:21:46.459root 11241100x80000000000000004284731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4d644598c617662022-01-04 14:21:46.460root 11241100x80000000000000004284732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc60c5b9c00c3172022-01-04 14:21:46.460root 11241100x80000000000000004284733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8dceb44cc55add2022-01-04 14:21:46.460root 11241100x80000000000000004284734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1aa3c59b19d2cf2022-01-04 14:21:46.460root 11241100x80000000000000004284735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7fa0288a60349b2022-01-04 14:21:46.460root 11241100x80000000000000004284736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd45ee7c64a900692022-01-04 14:21:46.460root 11241100x80000000000000004284737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b5d149d88566132022-01-04 14:21:46.460root 11241100x80000000000000004284738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0414f777fe6d342022-01-04 14:21:46.460root 11241100x80000000000000004284739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88af85726f42905b2022-01-04 14:21:46.460root 11241100x80000000000000004284740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a774fbfccda6b6a2022-01-04 14:21:46.460root 11241100x80000000000000004284741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db4b5350ce4d98a2022-01-04 14:21:46.460root 11241100x80000000000000004284742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9c1244419bee682022-01-04 14:21:46.460root 11241100x80000000000000004284743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734d06bb39a392f42022-01-04 14:21:46.460root 11241100x80000000000000004284744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f035a626a80f3c312022-01-04 14:21:46.461root 11241100x80000000000000004284745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a2e3a529c803f52022-01-04 14:21:46.461root 11241100x80000000000000004284746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ef6427f2baf2d52022-01-04 14:21:46.959root 11241100x80000000000000004284747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e361a1f3d29f372022-01-04 14:21:46.959root 11241100x80000000000000004284748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe06d4908da33f62022-01-04 14:21:46.959root 11241100x80000000000000004284749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9b17db9c0a47512022-01-04 14:21:46.959root 11241100x80000000000000004284750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8950da4103fb352022-01-04 14:21:46.960root 11241100x80000000000000004284751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4842267069932fd2022-01-04 14:21:46.960root 11241100x80000000000000004284752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bb964856bbc8dc2022-01-04 14:21:46.960root 11241100x80000000000000004284753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19af29ddbf668a72022-01-04 14:21:46.960root 11241100x80000000000000004284754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244148cbff8af1ce2022-01-04 14:21:46.960root 11241100x80000000000000004284755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b9bc5c1e0c9ff92022-01-04 14:21:46.960root 11241100x80000000000000004284756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5606115317e08e62022-01-04 14:21:46.960root 11241100x80000000000000004284757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df8f12f2c6c03df2022-01-04 14:21:46.960root 11241100x80000000000000004284758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dc68b6a547b1f82022-01-04 14:21:46.960root 11241100x80000000000000004284759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d176a2cc05addbb82022-01-04 14:21:46.960root 11241100x80000000000000004284760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71741b063eedbfef2022-01-04 14:21:46.960root 11241100x80000000000000004284761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2853c690bfc5d14f2022-01-04 14:21:46.960root 11241100x80000000000000004284762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b543df177192da92022-01-04 14:21:47.459root 11241100x80000000000000004284763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333783a000b473402022-01-04 14:21:47.460root 11241100x80000000000000004284764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63028bd5a1cf5662022-01-04 14:21:47.460root 11241100x80000000000000004284765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d41f1365ce761992022-01-04 14:21:47.460root 11241100x80000000000000004284766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e01a65261ff9b72022-01-04 14:21:47.460root 11241100x80000000000000004284767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7971bcf069fbcc802022-01-04 14:21:47.460root 11241100x80000000000000004284768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8908bf5043e95cc32022-01-04 14:21:47.460root 11241100x80000000000000004284769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4015894a392b9002022-01-04 14:21:47.460root 11241100x80000000000000004284770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877d0a1ebedf28892022-01-04 14:21:47.461root 11241100x80000000000000004284771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980dd8fd8c7041f02022-01-04 14:21:47.461root 11241100x80000000000000004284772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3bafaea393a79d2022-01-04 14:21:47.461root 11241100x80000000000000004284773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2422e6a1b919bfae2022-01-04 14:21:47.461root 11241100x80000000000000004284774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb28d375314aa2272022-01-04 14:21:47.461root 11241100x80000000000000004284775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a638212adf3249252022-01-04 14:21:47.461root 11241100x80000000000000004284776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def84adf4a04a8d72022-01-04 14:21:47.461root 11241100x80000000000000004284777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee55a04af6a2b112022-01-04 14:21:47.461root 11241100x80000000000000004284778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1307ee8cc067132022-01-04 14:21:47.959root 11241100x80000000000000004284779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3866e4c8630d2b2e2022-01-04 14:21:47.960root 11241100x80000000000000004284780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0134e1d586f2d22022-01-04 14:21:47.960root 11241100x80000000000000004284781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031480dcbe76ff072022-01-04 14:21:47.960root 11241100x80000000000000004284782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b2b67cbe68ee562022-01-04 14:21:47.960root 11241100x80000000000000004284783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5f00ad7c9eb3a02022-01-04 14:21:47.960root 11241100x80000000000000004284784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48abf281b6cd13572022-01-04 14:21:47.960root 11241100x80000000000000004284785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd15571f1a2ddde2022-01-04 14:21:47.960root 11241100x80000000000000004284786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e495fb16bfe7fbb2022-01-04 14:21:47.960root 11241100x80000000000000004284787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f299f3de4c6c7c692022-01-04 14:21:47.961root 11241100x80000000000000004284788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d718d406080262df2022-01-04 14:21:47.961root 11241100x80000000000000004284789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7323981af57932882022-01-04 14:21:47.961root 11241100x80000000000000004284790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d01068f1f5e76c22022-01-04 14:21:47.961root 11241100x80000000000000004284791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c76eb7a61be2992022-01-04 14:21:47.961root 11241100x80000000000000004284792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bef2adf3be2d7672022-01-04 14:21:47.961root 11241100x80000000000000004284793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941320f2bef7671e2022-01-04 14:21:47.961root 354300x80000000000000004284794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.112{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41584-false10.0.1.12-8000- 11241100x80000000000000004284795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d26e3c35e7d93b2022-01-04 14:21:48.459root 11241100x80000000000000004284796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850b31a3d433fa282022-01-04 14:21:48.460root 11241100x80000000000000004284797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412cf02922e613282022-01-04 14:21:48.460root 11241100x80000000000000004284798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c96a137229cfd092022-01-04 14:21:48.460root 11241100x80000000000000004284799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137d403759ce7bc2022-01-04 14:21:48.460root 11241100x80000000000000004284800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac7900950c4e0b92022-01-04 14:21:48.460root 11241100x80000000000000004284801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fd2ede209d38902022-01-04 14:21:48.460root 11241100x80000000000000004284802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6543c3e92feda60a2022-01-04 14:21:48.460root 11241100x80000000000000004284803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7003a2bcf46a715a2022-01-04 14:21:48.460root 11241100x80000000000000004284804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c34b0b782b78f322022-01-04 14:21:48.460root 11241100x80000000000000004284805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aed2ba27a884a022022-01-04 14:21:48.460root 11241100x80000000000000004284806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3325a8005f36391b2022-01-04 14:21:48.461root 11241100x80000000000000004284807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ab504aa64d25ab2022-01-04 14:21:48.461root 11241100x80000000000000004284808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257cd6efe49605282022-01-04 14:21:48.461root 11241100x80000000000000004284809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04828680336e78232022-01-04 14:21:48.461root 11241100x80000000000000004284810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a19efbbf7b35f92022-01-04 14:21:48.461root 11241100x80000000000000004284811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabfb13d21175dcf2022-01-04 14:21:48.461root 11241100x80000000000000004284812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50d1b6da470a1802022-01-04 14:21:48.959root 11241100x80000000000000004284813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae642ff090db3bb2022-01-04 14:21:48.959root 11241100x80000000000000004284814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6651349805991412022-01-04 14:21:48.959root 11241100x80000000000000004284815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d925f15f15a11d82022-01-04 14:21:48.959root 11241100x80000000000000004284816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a349c9a19a56372022-01-04 14:21:48.960root 11241100x80000000000000004284817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634fb9c353ac55892022-01-04 14:21:48.960root 11241100x80000000000000004284818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49171cc4e403b5a02022-01-04 14:21:48.960root 11241100x80000000000000004284819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8837f80d156fc82022-01-04 14:21:48.960root 11241100x80000000000000004284820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7a5f7d8410bcd72022-01-04 14:21:48.960root 11241100x80000000000000004284821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c81585e70f254b82022-01-04 14:21:48.960root 11241100x80000000000000004284822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8b82e15669769a2022-01-04 14:21:48.960root 11241100x80000000000000004284823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9e2ee4292ad6e92022-01-04 14:21:48.960root 11241100x80000000000000004284824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f179ba102a6e1052022-01-04 14:21:48.960root 11241100x80000000000000004284825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d2a454d95ff11d2022-01-04 14:21:48.960root 11241100x80000000000000004284826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85b6da200a3eebb2022-01-04 14:21:48.961root 11241100x80000000000000004284827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b937814535a2c12022-01-04 14:21:48.961root 11241100x80000000000000004284828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a84b2fc4f2c2bc2022-01-04 14:21:48.961root 11241100x80000000000000004284829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c817a7b5887786992022-01-04 14:21:49.459root 11241100x80000000000000004284830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecc65eb16e516872022-01-04 14:21:49.460root 11241100x80000000000000004284831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ca061087305ce12022-01-04 14:21:49.460root 11241100x80000000000000004284832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a333b9f30dac562022-01-04 14:21:49.460root 11241100x80000000000000004284833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867845af4deee3a72022-01-04 14:21:49.460root 11241100x80000000000000004284834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d05c05e874e95d2022-01-04 14:21:49.460root 11241100x80000000000000004284835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e240dfa8b8ea582022-01-04 14:21:49.460root 11241100x80000000000000004284836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08666f569efa075e2022-01-04 14:21:49.460root 11241100x80000000000000004284837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdecdd62c087fd1f2022-01-04 14:21:49.460root 11241100x80000000000000004284838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349c2af1d5fc2b182022-01-04 14:21:49.461root 11241100x80000000000000004284839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0c308a32cde6b12022-01-04 14:21:49.461root 11241100x80000000000000004284840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec328021137cecd82022-01-04 14:21:49.461root 11241100x80000000000000004284841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c50129056bf5822022-01-04 14:21:49.461root 11241100x80000000000000004284842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c885b84c3af65a2022-01-04 14:21:49.461root 11241100x80000000000000004284843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef12b9b48de6bc262022-01-04 14:21:49.461root 11241100x80000000000000004284844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469f94ab4f09a8822022-01-04 14:21:49.461root 11241100x80000000000000004284845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea410f5fea27bb392022-01-04 14:21:49.461root 11241100x80000000000000004284846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884f51adbaa9c2812022-01-04 14:21:49.959root 11241100x80000000000000004284847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cadca1499d579912022-01-04 14:21:49.959root 11241100x80000000000000004284848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f553358fe8913e22022-01-04 14:21:49.959root 11241100x80000000000000004284849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebb3ca76055b3232022-01-04 14:21:49.959root 11241100x80000000000000004284850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6579cbeabf20ac112022-01-04 14:21:49.959root 11241100x80000000000000004284851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1fd9193c0b7e902022-01-04 14:21:49.959root 11241100x80000000000000004284852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc20396410185b3e2022-01-04 14:21:49.959root 11241100x80000000000000004284853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20146d0ff2c8eaae2022-01-04 14:21:49.960root 11241100x80000000000000004284854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e3e1fd694a2d372022-01-04 14:21:49.960root 11241100x80000000000000004284855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb90fe7eb3d6b5582022-01-04 14:21:49.960root 11241100x80000000000000004284856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68c81562094d8ed2022-01-04 14:21:49.960root 11241100x80000000000000004284857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b013254bdde3382022-01-04 14:21:49.960root 11241100x80000000000000004284858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbe8337b26e2a272022-01-04 14:21:49.960root 11241100x80000000000000004284859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78582ba135894eb2022-01-04 14:21:49.960root 11241100x80000000000000004284860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44482b535164ba7d2022-01-04 14:21:49.960root 11241100x80000000000000004284861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ef68e3d34dad5c2022-01-04 14:21:49.960root 11241100x80000000000000004284862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e281f0de770463dc2022-01-04 14:21:49.960root 11241100x80000000000000004284863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01abdc5a0c8e40e92022-01-04 14:21:49.960root 11241100x80000000000000004284864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d003faaf96c7f92022-01-04 14:21:50.459root 11241100x80000000000000004284865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f6427d5bcf934a2022-01-04 14:21:50.460root 11241100x80000000000000004284866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a33e11a117e5d5a2022-01-04 14:21:50.460root 11241100x80000000000000004284867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a3b5cbf7f435562022-01-04 14:21:50.460root 11241100x80000000000000004284868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbf2aef3bb119b92022-01-04 14:21:50.460root 11241100x80000000000000004284869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0831def49d94f2b72022-01-04 14:21:50.460root 11241100x80000000000000004284870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874af61411606f2f2022-01-04 14:21:50.460root 11241100x80000000000000004284871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a199dbd6fd0f7e2022-01-04 14:21:50.460root 11241100x80000000000000004284872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630e349e037f9cb52022-01-04 14:21:50.461root 11241100x80000000000000004284873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7a8f7222f1e31e2022-01-04 14:21:50.461root 11241100x80000000000000004284874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8bfef5fd7ed59e2022-01-04 14:21:50.461root 11241100x80000000000000004284875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e1ba1279cc62362022-01-04 14:21:50.461root 11241100x80000000000000004284876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4be2728916cc7c2022-01-04 14:21:50.461root 11241100x80000000000000004284877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270a79c38c68f4fb2022-01-04 14:21:50.461root 11241100x80000000000000004284878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4526bcc0fd74e5312022-01-04 14:21:50.461root 11241100x80000000000000004284879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda5e54ac6d405e02022-01-04 14:21:50.461root 11241100x80000000000000004284880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c91968618dcac9c2022-01-04 14:21:50.461root 11241100x80000000000000004284881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a616391e33b5a5282022-01-04 14:21:50.959root 11241100x80000000000000004284882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1fae205c5440d72022-01-04 14:21:50.960root 11241100x80000000000000004284883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bc691c111e6d3d2022-01-04 14:21:50.960root 11241100x80000000000000004284884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d70b12529a43d7f2022-01-04 14:21:50.960root 11241100x80000000000000004284885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109a6a09258dba662022-01-04 14:21:50.960root 11241100x80000000000000004284886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9021bd4caea11e72022-01-04 14:21:50.960root 11241100x80000000000000004284887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f47cb0ed59a3a82022-01-04 14:21:50.960root 11241100x80000000000000004284888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5febc250f4a529792022-01-04 14:21:50.960root 11241100x80000000000000004284889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450506f5dadd3b962022-01-04 14:21:50.960root 11241100x80000000000000004284890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5b653bead3fe152022-01-04 14:21:50.960root 11241100x80000000000000004284891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55209aef0f3977682022-01-04 14:21:50.960root 11241100x80000000000000004284892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d768df8b14b0482022-01-04 14:21:50.960root 11241100x80000000000000004284893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3a6e5aa5eb02fd2022-01-04 14:21:50.960root 11241100x80000000000000004284894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5701e713c0a6d7352022-01-04 14:21:50.960root 11241100x80000000000000004284895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f46881a64237f5e2022-01-04 14:21:50.960root 11241100x80000000000000004284896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3b9f481209cae22022-01-04 14:21:50.961root 11241100x80000000000000004284897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b1f9201588d0102022-01-04 14:21:50.961root 11241100x80000000000000004284898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fdb05c8b0d78522022-01-04 14:21:51.459root 11241100x80000000000000004284899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804d02b33e2b0c992022-01-04 14:21:51.459root 11241100x80000000000000004284900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2cf5885c90fe402022-01-04 14:21:51.459root 11241100x80000000000000004284901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9f2e1cef21d85f2022-01-04 14:21:51.459root 11241100x80000000000000004284902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4b07fa11513b442022-01-04 14:21:51.459root 11241100x80000000000000004284903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecc0d9b54b9b9772022-01-04 14:21:51.460root 11241100x80000000000000004284904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c007180d2944b0772022-01-04 14:21:51.460root 11241100x80000000000000004284905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640d4594821f3fcb2022-01-04 14:21:51.460root 11241100x80000000000000004284906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10915d42f8a1ba7c2022-01-04 14:21:51.460root 11241100x80000000000000004284907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2363ec7c53bd5f192022-01-04 14:21:51.460root 11241100x80000000000000004284908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d8c8fd24e737372022-01-04 14:21:51.460root 11241100x80000000000000004284909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfff4ecc7cc76f72022-01-04 14:21:51.460root 11241100x80000000000000004284910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098f51066ff4820c2022-01-04 14:21:51.460root 11241100x80000000000000004284911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b3e0e2852065ed2022-01-04 14:21:51.460root 11241100x80000000000000004284912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f978067b1cebce2022-01-04 14:21:51.460root 11241100x80000000000000004284913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3141c9179ff23632022-01-04 14:21:51.461root 11241100x80000000000000004284914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d7db781b2c20f32022-01-04 14:21:51.461root 11241100x80000000000000004284915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5658f07e21b114a12022-01-04 14:21:51.461root 11241100x80000000000000004284916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09aea4ffed352872022-01-04 14:21:51.959root 11241100x80000000000000004284917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68f865fcd34644f2022-01-04 14:21:51.959root 11241100x80000000000000004284918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af7ff9b404df22b2022-01-04 14:21:51.960root 11241100x80000000000000004284919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f013aabfaf3b0d2022-01-04 14:21:51.960root 11241100x80000000000000004284920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1929cd7ce91abfa12022-01-04 14:21:51.960root 11241100x80000000000000004284921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58a9804e762e6242022-01-04 14:21:51.960root 11241100x80000000000000004284922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7e8554a727d0442022-01-04 14:21:51.960root 11241100x80000000000000004284923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c32053544d33342022-01-04 14:21:51.960root 11241100x80000000000000004284924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6a6e6bd2e1b1a02022-01-04 14:21:51.960root 11241100x80000000000000004284925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69373af43e228d82022-01-04 14:21:51.960root 11241100x80000000000000004284926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a5cf79ad83e7062022-01-04 14:21:51.961root 11241100x80000000000000004284927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628713497c1928f22022-01-04 14:21:51.961root 11241100x80000000000000004284928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6510954f7a51dedb2022-01-04 14:21:51.961root 11241100x80000000000000004284929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84aaf43bc1aa3aef2022-01-04 14:21:51.961root 11241100x80000000000000004284930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564ce93a17477be82022-01-04 14:21:51.961root 11241100x80000000000000004284931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d270a62e2439fa132022-01-04 14:21:51.961root 11241100x80000000000000004284932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b44e79ecc3469f22022-01-04 14:21:51.961root 11241100x80000000000000004284933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943b0ba951f7aed42022-01-04 14:21:52.459root 11241100x80000000000000004284934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ea89d3c114fc932022-01-04 14:21:52.459root 11241100x80000000000000004284935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44737455d0ba155d2022-01-04 14:21:52.459root 11241100x80000000000000004284936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca38212aa062ce802022-01-04 14:21:52.459root 11241100x80000000000000004284937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe3f3cdf4f7f6872022-01-04 14:21:52.460root 11241100x80000000000000004284938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfffe4987e127fd02022-01-04 14:21:52.460root 11241100x80000000000000004284939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30111a147f522872022-01-04 14:21:52.460root 11241100x80000000000000004284940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972c55b4776828102022-01-04 14:21:52.460root 11241100x80000000000000004284941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37e8ecd257f18e52022-01-04 14:21:52.460root 11241100x80000000000000004284942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b786888f87e6bec02022-01-04 14:21:52.460root 11241100x80000000000000004284943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b49d1d9aba753522022-01-04 14:21:52.460root 11241100x80000000000000004284944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2028870faa6f482022-01-04 14:21:52.460root 11241100x80000000000000004284945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adecf50a3b79d6d52022-01-04 14:21:52.460root 11241100x80000000000000004284946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea71a69397c473e2022-01-04 14:21:52.460root 11241100x80000000000000004284947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5a2ae9449279b22022-01-04 14:21:52.461root 11241100x80000000000000004284948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b85a6dd477784e2022-01-04 14:21:52.461root 11241100x80000000000000004284949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad18815b99f86be2022-01-04 14:21:52.461root 11241100x80000000000000004284950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10edcc5e88b616e2022-01-04 14:21:52.960root 11241100x80000000000000004284951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c5a7463a4951322022-01-04 14:21:52.960root 11241100x80000000000000004284952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b59bc87fa034742022-01-04 14:21:52.960root 11241100x80000000000000004284953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89369b3b6aa739fa2022-01-04 14:21:52.960root 11241100x80000000000000004284954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6aae3c9a24fe0b2022-01-04 14:21:52.960root 11241100x80000000000000004284955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a69b92f7e6ab5332022-01-04 14:21:52.960root 11241100x80000000000000004284956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c625d324ac18a9262022-01-04 14:21:52.960root 11241100x80000000000000004284957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb16564d75e570d2022-01-04 14:21:52.960root 11241100x80000000000000004284958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23cd21fcafdd7ff2022-01-04 14:21:52.960root 11241100x80000000000000004284959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a49ce86cfb1f3e2022-01-04 14:21:52.961root 11241100x80000000000000004284960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87241956b20cf54d2022-01-04 14:21:52.961root 11241100x80000000000000004284961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ab3be58a026a9b2022-01-04 14:21:52.961root 11241100x80000000000000004284962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1296e4c072e3cf62022-01-04 14:21:52.961root 11241100x80000000000000004284963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60abe1b759d39962022-01-04 14:21:52.961root 11241100x80000000000000004284964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe68981d98b97032022-01-04 14:21:52.961root 11241100x80000000000000004284965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dc3856468b6e9f2022-01-04 14:21:52.961root 11241100x80000000000000004284966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a98f290b9a142a92022-01-04 14:21:52.961root 11241100x80000000000000004284967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8254eb85772a10d12022-01-04 14:21:53.459root 11241100x80000000000000004284968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038c0b580d7336142022-01-04 14:21:53.459root 11241100x80000000000000004284969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71057ba60ceed8a2022-01-04 14:21:53.459root 11241100x80000000000000004284970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bb87c3558a4e822022-01-04 14:21:53.459root 11241100x80000000000000004284971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e572c0173db7e7222022-01-04 14:21:53.460root 11241100x80000000000000004284972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b94a2517ef963c2022-01-04 14:21:53.460root 11241100x80000000000000004284973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c085305e6438c3b2022-01-04 14:21:53.460root 11241100x80000000000000004284974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02c183bef90f1ef2022-01-04 14:21:53.461root 11241100x80000000000000004284975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4796a496facfbd182022-01-04 14:21:53.461root 11241100x80000000000000004284976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcd078a6861aad12022-01-04 14:21:53.461root 11241100x80000000000000004284977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e06543335e7d972022-01-04 14:21:53.461root 11241100x80000000000000004284978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cb3df366f9b95b2022-01-04 14:21:53.461root 11241100x80000000000000004284979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aae827b44addfc02022-01-04 14:21:53.461root 11241100x80000000000000004284980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4badd6ad329a4fc92022-01-04 14:21:53.462root 11241100x80000000000000004284981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445bfa705a84042d2022-01-04 14:21:53.462root 11241100x80000000000000004284982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45a0833238b879a2022-01-04 14:21:53.462root 11241100x80000000000000004284983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9c92a1f943c18f2022-01-04 14:21:53.462root 11241100x80000000000000004284984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3cba9e05e053582022-01-04 14:21:53.462root 11241100x80000000000000004284985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e67b61b50da452022-01-04 14:21:53.959root 11241100x80000000000000004284986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb8a932b6fc6f9a2022-01-04 14:21:53.959root 11241100x80000000000000004284987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617d675a2e125d72022-01-04 14:21:53.959root 11241100x80000000000000004284988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aae233eeb0ab2942022-01-04 14:21:53.959root 11241100x80000000000000004284989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269374fce56518e12022-01-04 14:21:53.960root 11241100x80000000000000004284990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c92743b67365fd2022-01-04 14:21:53.960root 11241100x80000000000000004284991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2863b9d8d5863432022-01-04 14:21:53.960root 11241100x80000000000000004284992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d5799fa1724d102022-01-04 14:21:53.960root 11241100x80000000000000004284993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df692d4ab4d3188d2022-01-04 14:21:53.960root 11241100x80000000000000004284994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e01140aa8c21c522022-01-04 14:21:53.960root 11241100x80000000000000004284995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ff1da03b5eff632022-01-04 14:21:53.960root 11241100x80000000000000004284996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336f7f0d433fcd0e2022-01-04 14:21:53.960root 11241100x80000000000000004284997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc03745cd65c7ea2022-01-04 14:21:53.960root 11241100x80000000000000004284998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7d038db0b94d5f2022-01-04 14:21:53.960root 11241100x80000000000000004284999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92b197c35d6b5772022-01-04 14:21:53.961root 11241100x80000000000000004285000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc4271511175e822022-01-04 14:21:53.961root 11241100x80000000000000004285001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe469d484c0e8e872022-01-04 14:21:53.961root 354300x80000000000000004285002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.035{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41586-false10.0.1.12-8000- 11241100x80000000000000004285003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747efc1a77ebacc92022-01-04 14:21:54.459root 11241100x80000000000000004285004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d6966aa0ba89062022-01-04 14:21:54.459root 11241100x80000000000000004285005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd049f589c8e30572022-01-04 14:21:54.460root 11241100x80000000000000004285006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5b684b3df86de02022-01-04 14:21:54.460root 11241100x80000000000000004285007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b030abc0daae8ac2022-01-04 14:21:54.460root 11241100x80000000000000004285008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424bb1884d0511522022-01-04 14:21:54.460root 11241100x80000000000000004285009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bd5709fcd1d4cf2022-01-04 14:21:54.460root 11241100x80000000000000004285010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0ecf6aca4d6eb42022-01-04 14:21:54.460root 11241100x80000000000000004285011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5dad0d4014afba2022-01-04 14:21:54.461root 11241100x80000000000000004285012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d9abba9caf3c042022-01-04 14:21:54.461root 11241100x80000000000000004285013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b0796bb1a65f372022-01-04 14:21:54.461root 11241100x80000000000000004285014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dc94c16b08a3a92022-01-04 14:21:54.461root 11241100x80000000000000004285015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e4c170c37e7f912022-01-04 14:21:54.461root 11241100x80000000000000004285016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe385fa3edf94be2022-01-04 14:21:54.462root 11241100x80000000000000004285017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc9b18bba9c1da72022-01-04 14:21:54.462root 11241100x80000000000000004285018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffae9976cad0fa02022-01-04 14:21:54.462root 11241100x80000000000000004285019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bfcaa3c25547b82022-01-04 14:21:54.462root 11241100x80000000000000004285020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db147c36b45d9022022-01-04 14:21:54.462root 11241100x80000000000000004285021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1253ee15f805902022-01-04 14:21:54.959root 11241100x80000000000000004285022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d55656c347914da2022-01-04 14:21:54.959root 11241100x80000000000000004285023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4243d7f85de3f5432022-01-04 14:21:54.959root 11241100x80000000000000004285024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682797bb99c9f23e2022-01-04 14:21:54.959root 11241100x80000000000000004285025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef51fa36dba341a2022-01-04 14:21:54.959root 11241100x80000000000000004285026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00a2e4af1a2d36b2022-01-04 14:21:54.959root 11241100x80000000000000004285027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a080c1d47df3ce2022-01-04 14:21:54.959root 11241100x80000000000000004285028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bff510f871d1ca92022-01-04 14:21:54.959root 11241100x80000000000000004285029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75814869555e02992022-01-04 14:21:54.959root 11241100x80000000000000004285030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91da65adb3abda32022-01-04 14:21:54.960root 11241100x80000000000000004285031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8f962a3c0c5fee2022-01-04 14:21:54.960root 11241100x80000000000000004285032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b21e83e8ae11bc2022-01-04 14:21:54.960root 11241100x80000000000000004285033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7934701e38daa34b2022-01-04 14:21:54.960root 11241100x80000000000000004285034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b28adeecf852202022-01-04 14:21:54.960root 11241100x80000000000000004285035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c01b2677efae3ce2022-01-04 14:21:54.960root 11241100x80000000000000004285036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabea1727f520c6e2022-01-04 14:21:54.960root 11241100x80000000000000004285037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b644f0d5d7ad1e2022-01-04 14:21:54.960root 11241100x80000000000000004285038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42f6e44cb2d0f4f2022-01-04 14:21:54.961root 11241100x80000000000000004285039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7752fa04602b5892022-01-04 14:21:55.459root 11241100x80000000000000004285040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fb4d734d6353fc2022-01-04 14:21:55.459root 11241100x80000000000000004285041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62dcbb05b20e90f2022-01-04 14:21:55.460root 11241100x80000000000000004285042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c28b10236b19582022-01-04 14:21:55.460root 11241100x80000000000000004285043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7b399f3f12ad602022-01-04 14:21:55.460root 11241100x80000000000000004285044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0062f59e19b95fff2022-01-04 14:21:55.460root 11241100x80000000000000004285045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f535f2a4050857d22022-01-04 14:21:55.460root 11241100x80000000000000004285046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6d03d36c2c6d982022-01-04 14:21:55.460root 11241100x80000000000000004285047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5945f1ccd8bb50a82022-01-04 14:21:55.461root 11241100x80000000000000004285048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bac06c688e53a42022-01-04 14:21:55.461root 11241100x80000000000000004285049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837d6818b5184ccd2022-01-04 14:21:55.461root 11241100x80000000000000004285050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723ec9236c8917482022-01-04 14:21:55.461root 11241100x80000000000000004285051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5282af3d937d6c12022-01-04 14:21:55.462root 11241100x80000000000000004285052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61154fca0fdcb3f92022-01-04 14:21:55.462root 11241100x80000000000000004285053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63c4ac327492d9a2022-01-04 14:21:55.462root 11241100x80000000000000004285054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d61823ee8a588972022-01-04 14:21:55.463root 11241100x80000000000000004285055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9456d648544fd9572022-01-04 14:21:55.463root 11241100x80000000000000004285056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f40657158c08fb02022-01-04 14:21:55.463root 11241100x80000000000000004285057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d47bf6e490a48842022-01-04 14:21:55.463root 11241100x80000000000000004285058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987b243f853fa0ae2022-01-04 14:21:55.959root 11241100x80000000000000004285059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3f6c6586edd6462022-01-04 14:21:55.959root 11241100x80000000000000004285060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cab62eed70c9e72022-01-04 14:21:55.959root 11241100x80000000000000004285061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef028ca57e616fe12022-01-04 14:21:55.959root 11241100x80000000000000004285062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a811b7521f51edf2022-01-04 14:21:55.960root 11241100x80000000000000004285063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa46611525a31b6a2022-01-04 14:21:55.960root 11241100x80000000000000004285064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0619931ad3e4772022-01-04 14:21:55.960root 11241100x80000000000000004285065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925fc179004fca012022-01-04 14:21:55.960root 11241100x80000000000000004285066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e5c4a3a44970a92022-01-04 14:21:55.960root 11241100x80000000000000004285067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dca7c6474e15532022-01-04 14:21:55.960root 11241100x80000000000000004285068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084086469f3b4bd2022-01-04 14:21:55.960root 11241100x80000000000000004285069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41de022fde2001712022-01-04 14:21:55.960root 11241100x80000000000000004285070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fa1397ce0a475e2022-01-04 14:21:55.960root 11241100x80000000000000004285071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f630fbd4ab0fb622022-01-04 14:21:55.960root 11241100x80000000000000004285072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90d5c2c3469d42b2022-01-04 14:21:55.961root 11241100x80000000000000004285073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f08aee550bbb8572022-01-04 14:21:55.961root 11241100x80000000000000004285074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6131b096cad9452022-01-04 14:21:55.961root 11241100x80000000000000004285075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde25e27de2ab0d62022-01-04 14:21:55.961root 11241100x80000000000000004285076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992fe8f168158c3e2022-01-04 14:21:56.459root 11241100x80000000000000004285077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1681e076eafdacf2022-01-04 14:21:56.459root 11241100x80000000000000004285078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f29865c5d18e392022-01-04 14:21:56.459root 11241100x80000000000000004285079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcfc83a7f49e9032022-01-04 14:21:56.460root 11241100x80000000000000004285080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8978c3b2e892c6362022-01-04 14:21:56.460root 11241100x80000000000000004285081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328b1edb5c59a8f82022-01-04 14:21:56.460root 11241100x80000000000000004285082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a982076da5ed752022-01-04 14:21:56.460root 11241100x80000000000000004285083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90f0d17871611932022-01-04 14:21:56.460root 11241100x80000000000000004285084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d5a6dde3c7a4c12022-01-04 14:21:56.460root 11241100x80000000000000004285085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdda1cb9b881c672022-01-04 14:21:56.460root 11241100x80000000000000004285086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20618cc6c99cdd162022-01-04 14:21:56.460root 11241100x80000000000000004285087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5909c9a91259eb7d2022-01-04 14:21:56.460root 11241100x80000000000000004285088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90c5421f1b2a0d82022-01-04 14:21:56.460root 11241100x80000000000000004285089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e620651c67a1da3f2022-01-04 14:21:56.461root 11241100x80000000000000004285090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f033a4384e9859a72022-01-04 14:21:56.461root 11241100x80000000000000004285091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b735095a3c0f91092022-01-04 14:21:56.461root 11241100x80000000000000004285092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e371b35c148fa82022-01-04 14:21:56.461root 11241100x80000000000000004285093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef770faf752c310c2022-01-04 14:21:56.461root 11241100x80000000000000004285094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da182733585953952022-01-04 14:21:56.959root 11241100x80000000000000004285095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e735b08c7c69df2022-01-04 14:21:56.959root 11241100x80000000000000004285096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3fc5b1c66151582022-01-04 14:21:56.960root 11241100x80000000000000004285097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fe1730d05cf3f22022-01-04 14:21:56.960root 11241100x80000000000000004285098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cb5f5c5728429d2022-01-04 14:21:56.960root 11241100x80000000000000004285099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671a5bac55a1d36a2022-01-04 14:21:56.960root 11241100x80000000000000004285100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f12c76f9e79ae4c2022-01-04 14:21:56.960root 11241100x80000000000000004285101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245c1b8c3a05dc792022-01-04 14:21:56.960root 11241100x80000000000000004285102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115cfe1f729915312022-01-04 14:21:56.960root 11241100x80000000000000004285103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcd0fcf54998b3a2022-01-04 14:21:56.960root 11241100x80000000000000004285104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f61a748a8d89dc2022-01-04 14:21:56.960root 11241100x80000000000000004285105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb95da650351d2f72022-01-04 14:21:56.960root 11241100x80000000000000004285106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253f77731f4498252022-01-04 14:21:56.961root 11241100x80000000000000004285107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dade783d84e46d82022-01-04 14:21:56.961root 11241100x80000000000000004285108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d50b6dabb35d36b2022-01-04 14:21:56.961root 11241100x80000000000000004285109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659187aa86c7eb522022-01-04 14:21:56.961root 11241100x80000000000000004285110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c41b36d049cdb442022-01-04 14:21:56.961root 11241100x80000000000000004285111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a25d05fcb91ea582022-01-04 14:21:56.961root 11241100x80000000000000004285112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785c36e29ab26df02022-01-04 14:21:57.459root 11241100x80000000000000004285113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101a6b97f97314b22022-01-04 14:21:57.459root 11241100x80000000000000004285114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20b0453555021782022-01-04 14:21:57.460root 11241100x80000000000000004285115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9042d695772dfd22022-01-04 14:21:57.460root 11241100x80000000000000004285116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610e12a87b3541752022-01-04 14:21:57.460root 11241100x80000000000000004285117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06935c922d6d0df72022-01-04 14:21:57.460root 11241100x80000000000000004285118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a7a9d62b0286bd2022-01-04 14:21:57.460root 11241100x80000000000000004285119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f185866b5e64502022-01-04 14:21:57.460root 11241100x80000000000000004285120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59718645ebd88742022-01-04 14:21:57.460root 11241100x80000000000000004285121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21c75bc0ecca6562022-01-04 14:21:57.460root 11241100x80000000000000004285122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff90400c8f29af032022-01-04 14:21:57.461root 11241100x80000000000000004285123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9a14b563fefeb82022-01-04 14:21:57.461root 11241100x80000000000000004285124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f21ca9b13de6b282022-01-04 14:21:57.461root 11241100x80000000000000004285125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d13e28dacd16a32022-01-04 14:21:57.461root 11241100x80000000000000004285126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73542308f32c6d782022-01-04 14:21:57.461root 11241100x80000000000000004285127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d05435e1c7bd0e2022-01-04 14:21:57.461root 11241100x80000000000000004285128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1761150c5700d55b2022-01-04 14:21:57.461root 11241100x80000000000000004285129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8239473db090bd2022-01-04 14:21:57.461root 11241100x80000000000000004285130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf2ecbe3213c37b2022-01-04 14:21:57.959root 11241100x80000000000000004285131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a74ab7e94ca2832022-01-04 14:21:57.959root 11241100x80000000000000004285132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ef8ffeb190ca9f2022-01-04 14:21:57.959root 11241100x80000000000000004285133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf8263e88f0d17a2022-01-04 14:21:57.959root 11241100x80000000000000004285134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e995ece0a4930d6f2022-01-04 14:21:57.959root 11241100x80000000000000004285135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05603025db99bfe2022-01-04 14:21:57.959root 11241100x80000000000000004285136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afb8277cbcd91f32022-01-04 14:21:57.959root 11241100x80000000000000004285137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf2c2f3411b073f2022-01-04 14:21:57.959root 11241100x80000000000000004285138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced697683bf8c99a2022-01-04 14:21:57.959root 11241100x80000000000000004285139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6952403e831b06a2022-01-04 14:21:57.960root 11241100x80000000000000004285140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6563d49f69e6ad182022-01-04 14:21:57.960root 11241100x80000000000000004285141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b3389a2c6031e22022-01-04 14:21:57.960root 11241100x80000000000000004285142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64f25c487df2fab2022-01-04 14:21:57.960root 11241100x80000000000000004285143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee134f175b372bb12022-01-04 14:21:57.960root 11241100x80000000000000004285144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f281dfbd4356fe2022-01-04 14:21:57.960root 11241100x80000000000000004285145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff6b833d3047502022-01-04 14:21:57.960root 11241100x80000000000000004285146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f904c647928bf2b42022-01-04 14:21:57.960root 11241100x80000000000000004285147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01301eb3501200fe2022-01-04 14:21:57.960root 11241100x80000000000000004285148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92f381d583d2f982022-01-04 14:21:58.459root 11241100x80000000000000004285149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab207e2ccd4db9842022-01-04 14:21:58.459root 11241100x80000000000000004285150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e072dd3783df042022-01-04 14:21:58.460root 11241100x80000000000000004285151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22be8075e86e48de2022-01-04 14:21:58.460root 11241100x80000000000000004285152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654c439b9ad0a1e32022-01-04 14:21:58.460root 11241100x80000000000000004285153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b2550a2743d7c2022-01-04 14:21:58.460root 11241100x80000000000000004285154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba08c3bc7d5de5062022-01-04 14:21:58.460root 11241100x80000000000000004285155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0ef98af40121fa2022-01-04 14:21:58.460root 11241100x80000000000000004285156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5154db3d022c1ebf2022-01-04 14:21:58.460root 11241100x80000000000000004285157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e20ee7cd82715b2022-01-04 14:21:58.460root 11241100x80000000000000004285158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08bd4b2d53d37f52022-01-04 14:21:58.460root 11241100x80000000000000004285159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf5abeabbda3e492022-01-04 14:21:58.461root 11241100x80000000000000004285160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ffea4182b2d232022-01-04 14:21:58.461root 11241100x80000000000000004285161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f1020a7e9e912b2022-01-04 14:21:58.461root 11241100x80000000000000004285162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2e5740018ae9db2022-01-04 14:21:58.461root 11241100x80000000000000004285163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4d64d5977378c02022-01-04 14:21:58.461root 11241100x80000000000000004285164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a30c7e6e96af07a2022-01-04 14:21:58.461root 11241100x80000000000000004285165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c3629bba72cbd52022-01-04 14:21:58.461root 11241100x80000000000000004285166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69761670043eb892022-01-04 14:21:58.960root 11241100x80000000000000004285167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9914030321146e852022-01-04 14:21:58.960root 11241100x80000000000000004285168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5560666dd23418892022-01-04 14:21:58.960root 11241100x80000000000000004285169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b383e422b7deb012022-01-04 14:21:58.960root 11241100x80000000000000004285170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824ba487c11d712e2022-01-04 14:21:58.960root 11241100x80000000000000004285171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbd559a984426592022-01-04 14:21:58.960root 11241100x80000000000000004285172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc72cb1fe12ab062022-01-04 14:21:58.960root 11241100x80000000000000004285173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a12a12f1e330702022-01-04 14:21:58.960root 11241100x80000000000000004285174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0122be48b829bedc2022-01-04 14:21:58.961root 11241100x80000000000000004285175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c47234325c5c4462022-01-04 14:21:58.961root 11241100x80000000000000004285176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02722e620c85fa6a2022-01-04 14:21:58.961root 11241100x80000000000000004285177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b547d5eb4ca4f62022-01-04 14:21:58.961root 11241100x80000000000000004285178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50411e34135c36602022-01-04 14:21:58.961root 11241100x80000000000000004285179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcb73d1cdfe8a2b2022-01-04 14:21:58.961root 11241100x80000000000000004285180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45532d42762812982022-01-04 14:21:58.961root 11241100x80000000000000004285181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e84cf7ae18b53712022-01-04 14:21:58.961root 11241100x80000000000000004285182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7711320bb0506d7b2022-01-04 14:21:58.961root 11241100x80000000000000004285183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a44b06a870609e2022-01-04 14:21:58.962root 354300x80000000000000004285184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.052{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41588-false10.0.1.12-8000- 11241100x80000000000000004285185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc398c581030b4d2022-01-04 14:21:59.459root 11241100x80000000000000004285186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56268b43389d2ff12022-01-04 14:21:59.459root 11241100x80000000000000004285187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7c380db35976a52022-01-04 14:21:59.459root 11241100x80000000000000004285188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a3fb5626f0866f2022-01-04 14:21:59.459root 11241100x80000000000000004285189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d427b178258294382022-01-04 14:21:59.460root 11241100x80000000000000004285190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d4e62feee20cfe2022-01-04 14:21:59.460root 11241100x80000000000000004285191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578ee97f1c13a0a52022-01-04 14:21:59.460root 11241100x80000000000000004285192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e96510847551012022-01-04 14:21:59.460root 11241100x80000000000000004285193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1e47257f334072022-01-04 14:21:59.460root 11241100x80000000000000004285194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f84a005dac4b532022-01-04 14:21:59.460root 11241100x80000000000000004285195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c80abcca9628b012022-01-04 14:21:59.460root 11241100x80000000000000004285196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5581a7857d66367b2022-01-04 14:21:59.460root 11241100x80000000000000004285197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c5c5ff4e97b8e82022-01-04 14:21:59.460root 11241100x80000000000000004285198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad4d6346153ba5e2022-01-04 14:21:59.460root 11241100x80000000000000004285199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6828015fff50792022-01-04 14:21:59.461root 11241100x80000000000000004285200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6d18311d1473f82022-01-04 14:21:59.461root 11241100x80000000000000004285201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8092fe1b45de5612022-01-04 14:21:59.461root 11241100x80000000000000004285202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1344c2e8b29361cd2022-01-04 14:21:59.461root 11241100x80000000000000004285203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c3efc07ac701922022-01-04 14:21:59.461root 11241100x80000000000000004285204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8811103046bcaa2022-01-04 14:21:59.461root 11241100x80000000000000004285205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b5cca2bc69cf5e2022-01-04 14:21:59.461root 11241100x80000000000000004285206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ea01b623b767a12022-01-04 14:21:59.461root 11241100x80000000000000004285207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9198df2dd992d5af2022-01-04 14:21:59.461root 11241100x80000000000000004285208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8840f69ef002a1802022-01-04 14:21:59.461root 11241100x80000000000000004285209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3622b9b82fb9751d2022-01-04 14:21:59.462root 11241100x80000000000000004285210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8d9c6412d257b62022-01-04 14:21:59.462root 11241100x80000000000000004285211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c053e3cf17ac5552022-01-04 14:21:59.462root 11241100x80000000000000004285212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b776c0fb76139c42022-01-04 14:21:59.462root 11241100x80000000000000004285213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23c9bc404c506422022-01-04 14:21:59.462root 11241100x80000000000000004285214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df8f85d9586690e2022-01-04 14:21:59.462root 11241100x80000000000000004285215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a2f05f9784f03c2022-01-04 14:21:59.462root 11241100x80000000000000004285216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811032c68f89bb902022-01-04 14:21:59.462root 11241100x80000000000000004285217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f574fddafb6f6d2022-01-04 14:21:59.462root 11241100x80000000000000004285218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77813289949d4a5b2022-01-04 14:21:59.462root 11241100x80000000000000004285219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372152d4cb88e5342022-01-04 14:21:59.463root 11241100x80000000000000004285220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5e2b1db2e93d872022-01-04 14:21:59.463root 11241100x80000000000000004285221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0812927f6e180df52022-01-04 14:21:59.463root 11241100x80000000000000004285222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba80b7716cd36372022-01-04 14:21:59.463root 11241100x80000000000000004285223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f48171bc786572022-01-04 14:21:59.463root 11241100x80000000000000004285224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63df564467e1d4b2022-01-04 14:21:59.959root 11241100x80000000000000004285225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b3cf89f2af1ff02022-01-04 14:21:59.960root 11241100x80000000000000004285226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84becf30f4ec197e2022-01-04 14:21:59.960root 11241100x80000000000000004285227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23725b76e71328e92022-01-04 14:21:59.960root 11241100x80000000000000004285228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e4f2e8717d0522022-01-04 14:21:59.960root 11241100x80000000000000004285229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1f8ac642d03c552022-01-04 14:21:59.960root 11241100x80000000000000004285230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27128963814cb50e2022-01-04 14:21:59.960root 11241100x80000000000000004285231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea3f93a28bc9c862022-01-04 14:21:59.960root 11241100x80000000000000004285232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b656914ae180e122022-01-04 14:21:59.960root 11241100x80000000000000004285233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c63e9083a6bb5e32022-01-04 14:21:59.960root 11241100x80000000000000004285234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c996972d8ffd922022-01-04 14:21:59.961root 11241100x80000000000000004285235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb27f87d3b3138b2022-01-04 14:21:59.961root 11241100x80000000000000004285236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c39f2f8d9fb3b612022-01-04 14:21:59.961root 11241100x80000000000000004285237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cd7108b6f4ffda2022-01-04 14:21:59.961root 11241100x80000000000000004285238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ce5923ffceb76a2022-01-04 14:21:59.961root 11241100x80000000000000004285239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47616d907adf699d2022-01-04 14:21:59.961root 11241100x80000000000000004285240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cf37ba48d4eab92022-01-04 14:21:59.961root 11241100x80000000000000004285241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f28157d5665d672022-01-04 14:21:59.961root 11241100x80000000000000004285242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:21:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce7610352e612ca2022-01-04 14:21:59.961root 11241100x80000000000000004285243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7926ecafe18e4092022-01-04 14:22:00.460root 11241100x80000000000000004285244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5097cffcbabd0d2022-01-04 14:22:00.460root 11241100x80000000000000004285245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c15ba6d2d63562022-01-04 14:22:00.460root 11241100x80000000000000004285246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a12e953495692b2022-01-04 14:22:00.460root 11241100x80000000000000004285247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41141bc786c25ad62022-01-04 14:22:00.460root 11241100x80000000000000004285248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76a60b4d49484612022-01-04 14:22:00.460root 11241100x80000000000000004285249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af0184b9c9ee852022-01-04 14:22:00.460root 11241100x80000000000000004285250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3523d89062c0223d2022-01-04 14:22:00.460root 11241100x80000000000000004285251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5b2b06532b1f22022-01-04 14:22:00.460root 11241100x80000000000000004285252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6a57ed68fce4a42022-01-04 14:22:00.461root 11241100x80000000000000004285253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcb7af57ea4a87d2022-01-04 14:22:00.461root 11241100x80000000000000004285254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa23fc0b6e84bf12022-01-04 14:22:00.461root 11241100x80000000000000004285255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea9c881107350a62022-01-04 14:22:00.461root 11241100x80000000000000004285256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec11598a6e46da022022-01-04 14:22:00.461root 11241100x80000000000000004285257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb53e7edd12409d22022-01-04 14:22:00.461root 11241100x80000000000000004285258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88838849f6f93702022-01-04 14:22:00.461root 11241100x80000000000000004285259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c435be24918af52022-01-04 14:22:00.461root 11241100x80000000000000004285260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f66d49a396672212022-01-04 14:22:00.461root 11241100x80000000000000004285261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5393d6e7733eabbf2022-01-04 14:22:00.462root 11241100x80000000000000004285262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7dd3435383724f2022-01-04 14:22:00.960root 11241100x80000000000000004285263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06286194da377072022-01-04 14:22:00.960root 11241100x80000000000000004285264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f65b3d88e1a22a2022-01-04 14:22:00.960root 11241100x80000000000000004285265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40f5bd09fbb2dbc2022-01-04 14:22:00.960root 11241100x80000000000000004285266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e521697827f6948c2022-01-04 14:22:00.960root 11241100x80000000000000004285267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce2fa6ad1d88d682022-01-04 14:22:00.961root 11241100x80000000000000004285268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d337cfdd80749982022-01-04 14:22:00.961root 11241100x80000000000000004285269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b75fd0bd8b78ed2022-01-04 14:22:00.961root 11241100x80000000000000004285270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca4f965e79b9d5e2022-01-04 14:22:00.961root 11241100x80000000000000004285271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ad14025ed2bd642022-01-04 14:22:00.961root 11241100x80000000000000004285272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbb144b9a11d40b2022-01-04 14:22:00.961root 11241100x80000000000000004285273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334adda36ca5800e2022-01-04 14:22:00.961root 11241100x80000000000000004285274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8204ac85800492602022-01-04 14:22:00.962root 11241100x80000000000000004285275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea12c53a408b6022022-01-04 14:22:00.962root 11241100x80000000000000004285276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e80a12d77835b42022-01-04 14:22:00.962root 11241100x80000000000000004285277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933342f1da9782ce2022-01-04 14:22:00.962root 11241100x80000000000000004285278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72dc7235fdab6fb2022-01-04 14:22:00.962root 11241100x80000000000000004285279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a7e5ab6cc46b792022-01-04 14:22:00.962root 11241100x80000000000000004285280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:00.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b007a5a78515fb322022-01-04 14:22:00.963root 11241100x80000000000000004285281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.220{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:22:01.220root 11241100x80000000000000004285282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08397db8e8c8434e2022-01-04 14:22:01.222root 11241100x80000000000000004285283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6abf79a3e5e4e12022-01-04 14:22:01.222root 11241100x80000000000000004285284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b16900371b71f222022-01-04 14:22:01.222root 11241100x80000000000000004285285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97debee1b68548c2022-01-04 14:22:01.222root 11241100x80000000000000004285286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e12f516653fbb22022-01-04 14:22:01.222root 11241100x80000000000000004285287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fdd995d0ffa92d2022-01-04 14:22:01.223root 11241100x80000000000000004285288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6486420cef04e742022-01-04 14:22:01.223root 11241100x80000000000000004285289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaf56920a63c5322022-01-04 14:22:01.223root 11241100x80000000000000004285290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2a130016f62ee12022-01-04 14:22:01.223root 11241100x80000000000000004285291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b2b9a89a2fc77a2022-01-04 14:22:01.223root 11241100x80000000000000004285292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72c16ddf3d086a92022-01-04 14:22:01.223root 11241100x80000000000000004285293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40aeb5e019a887c62022-01-04 14:22:01.223root 11241100x80000000000000004285294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb74d546a49bd6f2022-01-04 14:22:01.223root 11241100x80000000000000004285295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0fe257287279c72022-01-04 14:22:01.223root 11241100x80000000000000004285296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5280e7d0153e8fe32022-01-04 14:22:01.223root 11241100x80000000000000004285297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5809752d71dd1ca2022-01-04 14:22:01.224root 11241100x80000000000000004285298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554addea40c9141c2022-01-04 14:22:01.224root 11241100x80000000000000004285299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13a782f8d71120d2022-01-04 14:22:01.224root 11241100x80000000000000004285300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e569d4351897e9c12022-01-04 14:22:01.224root 11241100x80000000000000004285301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1664b438ae5f99822022-01-04 14:22:01.224root 11241100x80000000000000004285302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8181eb2069d2a7ba2022-01-04 14:22:01.224root 11241100x80000000000000004285303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5330d30640ba88c72022-01-04 14:22:01.710root 11241100x80000000000000004285304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5e482eed2f9e1b2022-01-04 14:22:01.710root 11241100x80000000000000004285305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a210ed6a0068bd552022-01-04 14:22:01.710root 11241100x80000000000000004285306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af661d2b0535198e2022-01-04 14:22:01.711root 11241100x80000000000000004285307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f169638b3fcf5e2022-01-04 14:22:01.711root 11241100x80000000000000004285308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a3ae59b67968ef2022-01-04 14:22:01.711root 11241100x80000000000000004285309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f921bbc9a15e8a22022-01-04 14:22:01.711root 11241100x80000000000000004285310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab4ff3d0fe5b13e2022-01-04 14:22:01.711root 11241100x80000000000000004285311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42ba769256cd3532022-01-04 14:22:01.711root 11241100x80000000000000004285312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48b9f5c0fe048692022-01-04 14:22:01.712root 11241100x80000000000000004285313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f670ddc2a42c4c392022-01-04 14:22:01.712root 11241100x80000000000000004285314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b492bb1a414ae0c82022-01-04 14:22:01.712root 11241100x80000000000000004285315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d37467888195502022-01-04 14:22:01.712root 11241100x80000000000000004285316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2c22e7eb6849542022-01-04 14:22:01.712root 11241100x80000000000000004285317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c71fc6e1ade0a982022-01-04 14:22:01.712root 11241100x80000000000000004285318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767fb5d6952e39c52022-01-04 14:22:01.712root 11241100x80000000000000004285319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8857445bb243aeb42022-01-04 14:22:01.712root 11241100x80000000000000004285320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840b980e01a7696d2022-01-04 14:22:01.713root 11241100x80000000000000004285321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebbc45a3b1b8d812022-01-04 14:22:01.713root 11241100x80000000000000004285322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce62f2e501c707882022-01-04 14:22:01.713root 11241100x80000000000000004285323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c62f20fd18541c02022-01-04 14:22:02.209root 11241100x80000000000000004285324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eb8c1f42ce0bcf2022-01-04 14:22:02.210root 11241100x80000000000000004285325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc0ffc6440fbb012022-01-04 14:22:02.210root 11241100x80000000000000004285326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625a524fb52b56042022-01-04 14:22:02.210root 11241100x80000000000000004285327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e226f9d5e980235f2022-01-04 14:22:02.210root 11241100x80000000000000004285328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d5916702899b012022-01-04 14:22:02.210root 11241100x80000000000000004285329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4797a2bd5828041a2022-01-04 14:22:02.210root 11241100x80000000000000004285330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fe4d15917af7dc2022-01-04 14:22:02.210root 11241100x80000000000000004285331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b84b1851c34e51d2022-01-04 14:22:02.210root 11241100x80000000000000004285332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc5c7a69f2d13ee2022-01-04 14:22:02.210root 11241100x80000000000000004285333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b4196a8b2784f82022-01-04 14:22:02.210root 11241100x80000000000000004285334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bedb7043f9f521d2022-01-04 14:22:02.210root 11241100x80000000000000004285335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f12db09d4b073b2022-01-04 14:22:02.211root 11241100x80000000000000004285336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c1e40c5110d8282022-01-04 14:22:02.211root 11241100x80000000000000004285337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd3865fb906c262022-01-04 14:22:02.211root 11241100x80000000000000004285338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fd644daf152ff32022-01-04 14:22:02.211root 11241100x80000000000000004285339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604b0948e275120a2022-01-04 14:22:02.211root 11241100x80000000000000004285340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecfb6b96a713a932022-01-04 14:22:02.211root 11241100x80000000000000004285341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338d1f90719c0dd12022-01-04 14:22:02.211root 11241100x80000000000000004285342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c666a64c4e4a592022-01-04 14:22:02.211root 11241100x80000000000000004285343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceb30b15f6062872022-01-04 14:22:02.709root 11241100x80000000000000004285344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78c2be39f23edab2022-01-04 14:22:02.710root 11241100x80000000000000004285345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619258a3670449e32022-01-04 14:22:02.710root 11241100x80000000000000004285346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432c7389ebc468a72022-01-04 14:22:02.710root 11241100x80000000000000004285347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4b66dc6aaa69262022-01-04 14:22:02.710root 11241100x80000000000000004285348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0149511db72459882022-01-04 14:22:02.710root 11241100x80000000000000004285349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c8f947550717ae2022-01-04 14:22:02.710root 11241100x80000000000000004285350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6152332af3de4b32022-01-04 14:22:02.710root 11241100x80000000000000004285351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780739fd35ddd3f02022-01-04 14:22:02.710root 11241100x80000000000000004285352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a002e4127224752022-01-04 14:22:02.711root 11241100x80000000000000004285353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cf997ededea2f72022-01-04 14:22:02.711root 11241100x80000000000000004285354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9852d8b3157e0cb52022-01-04 14:22:02.711root 11241100x80000000000000004285355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644c9bf1fcefb3102022-01-04 14:22:02.711root 11241100x80000000000000004285356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c8c6d91c557b432022-01-04 14:22:02.711root 11241100x80000000000000004285357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d950c9bb4052172022-01-04 14:22:02.711root 11241100x80000000000000004285358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79cf8c4a82e4e3a2022-01-04 14:22:02.711root 11241100x80000000000000004285359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ced00f001b79e22022-01-04 14:22:02.711root 11241100x80000000000000004285360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3997dbdb3c99292022-01-04 14:22:02.711root 11241100x80000000000000004285361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6873615254b90d2022-01-04 14:22:02.711root 11241100x80000000000000004285362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710b1a675ae751ac2022-01-04 14:22:02.712root 11241100x80000000000000004285363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25aa21017850dc6d2022-01-04 14:22:03.210root 11241100x80000000000000004285364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7778f483ce2b912022-01-04 14:22:03.210root 11241100x80000000000000004285365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0805392ae4f42ab72022-01-04 14:22:03.210root 11241100x80000000000000004285366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31958b005c2ec7a52022-01-04 14:22:03.210root 11241100x80000000000000004285367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176477f069d7f9342022-01-04 14:22:03.210root 11241100x80000000000000004285368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94c0b9cd2a5bebd2022-01-04 14:22:03.210root 11241100x80000000000000004285369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd18be92583244a22022-01-04 14:22:03.210root 11241100x80000000000000004285370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40195b6487b8bd162022-01-04 14:22:03.211root 11241100x80000000000000004285371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b4adb2a82195cf2022-01-04 14:22:03.211root 11241100x80000000000000004285372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc90b777a80fe0532022-01-04 14:22:03.211root 11241100x80000000000000004285373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7eb95c0f1d48ab2022-01-04 14:22:03.211root 11241100x80000000000000004285374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b214b8b6d449e8a2022-01-04 14:22:03.211root 11241100x80000000000000004285375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534859c3071aab752022-01-04 14:22:03.211root 11241100x80000000000000004285376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5efba04613153562022-01-04 14:22:03.211root 11241100x80000000000000004285377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97bba9008787f602022-01-04 14:22:03.211root 11241100x80000000000000004285378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937a928e55b0e0d52022-01-04 14:22:03.211root 11241100x80000000000000004285379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a1bbcce331e2272022-01-04 14:22:03.211root 11241100x80000000000000004285380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069d75ef36c522652022-01-04 14:22:03.212root 11241100x80000000000000004285381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c29392daa3434732022-01-04 14:22:03.212root 11241100x80000000000000004285382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad202139826800402022-01-04 14:22:03.213root 11241100x80000000000000004285383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dee93cc962f4572022-01-04 14:22:03.710root 11241100x80000000000000004285384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd140fa1f7255c202022-01-04 14:22:03.710root 11241100x80000000000000004285385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085006e7458633072022-01-04 14:22:03.710root 11241100x80000000000000004285386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2dc8e1529f11362022-01-04 14:22:03.710root 11241100x80000000000000004285387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da7887041489b682022-01-04 14:22:03.710root 11241100x80000000000000004285388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1768e866c4c0dffc2022-01-04 14:22:03.710root 11241100x80000000000000004285389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a4bf4e8bb9e21c2022-01-04 14:22:03.710root 11241100x80000000000000004285390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1302040b0439642022-01-04 14:22:03.710root 11241100x80000000000000004285391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40a4699417a3db02022-01-04 14:22:03.710root 11241100x80000000000000004285392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b1903dcb291a8a2022-01-04 14:22:03.710root 11241100x80000000000000004285393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09202cabca927d02022-01-04 14:22:03.711root 11241100x80000000000000004285394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b134ac70c0ac15e2022-01-04 14:22:03.711root 11241100x80000000000000004285395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc7772f215c58972022-01-04 14:22:03.711root 11241100x80000000000000004285396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d722b8e1a7ec5d2022-01-04 14:22:03.711root 11241100x80000000000000004285397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a2917c965ab8152022-01-04 14:22:03.711root 11241100x80000000000000004285398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31b60d440d98b6e2022-01-04 14:22:03.711root 11241100x80000000000000004285399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b6cef467b9ff7a2022-01-04 14:22:03.711root 11241100x80000000000000004285400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba38438e9761152f2022-01-04 14:22:03.711root 11241100x80000000000000004285401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06880c8340a3f1622022-01-04 14:22:03.712root 11241100x80000000000000004285402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313715a6ff19843d2022-01-04 14:22:03.712root 354300x80000000000000004285403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.113{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41590-false10.0.1.12-8000- 11241100x80000000000000004285404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd5c5627a42b8462022-01-04 14:22:04.113root 11241100x80000000000000004285405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23d3d7b4bc9a4e52022-01-04 14:22:04.113root 11241100x80000000000000004285406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c968fb2de5619c2022-01-04 14:22:04.114root 11241100x80000000000000004285407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91394b3836ebecd2022-01-04 14:22:04.114root 11241100x80000000000000004285408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c0ee2061007182022-01-04 14:22:04.114root 11241100x80000000000000004285409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4be33a499ffc9972022-01-04 14:22:04.114root 11241100x80000000000000004285410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3cfafa6391170e2022-01-04 14:22:04.114root 11241100x80000000000000004285411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21430a74140da7342022-01-04 14:22:04.114root 11241100x80000000000000004285412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f59e3d42cc4129c2022-01-04 14:22:04.114root 11241100x80000000000000004285413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3059bea207a2a3182022-01-04 14:22:04.115root 11241100x80000000000000004285414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84463724c076fa422022-01-04 14:22:04.115root 11241100x80000000000000004285415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56a51bfbd350d2e2022-01-04 14:22:04.115root 11241100x80000000000000004285416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4336df841cab29d72022-01-04 14:22:04.115root 11241100x80000000000000004285417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94a1231159b215e2022-01-04 14:22:04.115root 11241100x80000000000000004285418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa477f112a061e82022-01-04 14:22:04.115root 11241100x80000000000000004285419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aaa192afc793252022-01-04 14:22:04.115root 11241100x80000000000000004285420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7aacaa790656d3f2022-01-04 14:22:04.115root 11241100x80000000000000004285421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3de05e4eb6c2b22022-01-04 14:22:04.115root 11241100x80000000000000004285422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6f85c45ac5e67c2022-01-04 14:22:04.115root 11241100x80000000000000004285423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc3b900d43519a72022-01-04 14:22:04.115root 11241100x80000000000000004285424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefc3ff6193c41db2022-01-04 14:22:04.116root 11241100x80000000000000004285425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f307c6a4c1cb86a2022-01-04 14:22:04.116root 11241100x80000000000000004285426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78409520678bd542022-01-04 14:22:04.116root 11241100x80000000000000004285427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a360be4d91a226f12022-01-04 14:22:04.116root 11241100x80000000000000004285428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7862163fdd24a7ab2022-01-04 14:22:04.116root 11241100x80000000000000004285429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f549a687fb622e2022-01-04 14:22:04.116root 11241100x80000000000000004285430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd165d2f31f186a2022-01-04 14:22:04.116root 11241100x80000000000000004285431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05820b2d88a2ec772022-01-04 14:22:04.116root 11241100x80000000000000004285432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d3b2e049293ef52022-01-04 14:22:04.116root 11241100x80000000000000004285433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd5a6dff5befd9f2022-01-04 14:22:04.116root 11241100x80000000000000004285434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d28f3b99102ae462022-01-04 14:22:04.117root 11241100x80000000000000004285435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af88d6cb4c67b4e32022-01-04 14:22:04.117root 11241100x80000000000000004285436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9485edc2b2c7562022-01-04 14:22:04.117root 11241100x80000000000000004285437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309b8d4343be84b52022-01-04 14:22:04.117root 11241100x80000000000000004285438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6a47dd21da18492022-01-04 14:22:04.117root 11241100x80000000000000004285439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c07f177390a6a72022-01-04 14:22:04.117root 11241100x80000000000000004285440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e37b4ccbd93e0182022-01-04 14:22:04.117root 11241100x80000000000000004285441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2597c646daf40f82022-01-04 14:22:04.118root 11241100x80000000000000004285442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e8f1707b7b13af2022-01-04 14:22:04.118root 11241100x80000000000000004285443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f4ad6870b447922022-01-04 14:22:04.118root 11241100x80000000000000004285444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efda5d2382fb38582022-01-04 14:22:04.118root 11241100x80000000000000004285445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be55a7afbd3499b2022-01-04 14:22:04.118root 11241100x80000000000000004285446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626b72e820e23152022-01-04 14:22:04.118root 11241100x80000000000000004285447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac2409b9794f3b2022-01-04 14:22:04.118root 11241100x80000000000000004285448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13d30cdab82d5c22022-01-04 14:22:04.118root 11241100x80000000000000004285449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.119{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2299af0714365bdc2022-01-04 14:22:04.119root 11241100x80000000000000004285450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.119{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9051ff7460d1b7602022-01-04 14:22:04.119root 23542300x80000000000000004285451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.223{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004285452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db973e738a56c2912022-01-04 14:22:04.459root 11241100x80000000000000004285453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d478f2d0b03a77092022-01-04 14:22:04.459root 11241100x80000000000000004285454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dc6029b42395942022-01-04 14:22:04.459root 11241100x80000000000000004285455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1824f711cb3a85622022-01-04 14:22:04.460root 11241100x80000000000000004285456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d1641af4b789cf2022-01-04 14:22:04.460root 11241100x80000000000000004285457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7260c9085c5988b2022-01-04 14:22:04.460root 11241100x80000000000000004285458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe9ca781649c5be2022-01-04 14:22:04.460root 11241100x80000000000000004285459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06d27f8c256d0a12022-01-04 14:22:04.460root 11241100x80000000000000004285460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f8d46c43ae3d652022-01-04 14:22:04.460root 11241100x80000000000000004285461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5768dab41bcf98192022-01-04 14:22:04.460root 11241100x80000000000000004285462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1932b90b198e92f2022-01-04 14:22:04.461root 11241100x80000000000000004285463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f626dbf271745fc2022-01-04 14:22:04.461root 11241100x80000000000000004285464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da0a700f2287bba2022-01-04 14:22:04.461root 11241100x80000000000000004285465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a1aca9325bdf22022-01-04 14:22:04.461root 11241100x80000000000000004285466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d911a11f1e093d1f2022-01-04 14:22:04.461root 11241100x80000000000000004285467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ff1cef282483c02022-01-04 14:22:04.461root 11241100x80000000000000004285468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bac3106f8f6aeac2022-01-04 14:22:04.461root 11241100x80000000000000004285469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a3bfd7697675482022-01-04 14:22:04.461root 11241100x80000000000000004285470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1598c4725a5a8b722022-01-04 14:22:04.461root 11241100x80000000000000004285471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c855e7f88ac56b2022-01-04 14:22:04.462root 11241100x80000000000000004285472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce81d773fd12f862022-01-04 14:22:04.462root 11241100x80000000000000004285473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ecfda70493c9d02022-01-04 14:22:04.462root 11241100x80000000000000004285474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc36d37d65bd0492022-01-04 14:22:04.960root 11241100x80000000000000004285475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e15e08f17d474092022-01-04 14:22:04.960root 11241100x80000000000000004285476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9d431b6a2c97532022-01-04 14:22:04.960root 11241100x80000000000000004285477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e179729fe1edd4af2022-01-04 14:22:04.960root 11241100x80000000000000004285478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8978fd1f0cc0cac2022-01-04 14:22:04.960root 11241100x80000000000000004285479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d6527e1da3cce2022-01-04 14:22:04.960root 11241100x80000000000000004285480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b461662a7623942022-01-04 14:22:04.961root 11241100x80000000000000004285481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b1c0fe8acd37e62022-01-04 14:22:04.961root 11241100x80000000000000004285482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a834e9db6207544e2022-01-04 14:22:04.961root 11241100x80000000000000004285483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b7b421da694eb2022-01-04 14:22:04.961root 11241100x80000000000000004285484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de014935915d3542022-01-04 14:22:04.961root 11241100x80000000000000004285485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145e961628e509e52022-01-04 14:22:04.961root 11241100x80000000000000004285486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f8d4743def9fdd2022-01-04 14:22:04.961root 11241100x80000000000000004285487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e326624360c2902022-01-04 14:22:04.961root 11241100x80000000000000004285488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3922b43cf08211f92022-01-04 14:22:04.961root 11241100x80000000000000004285489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf49150bddad4cbd2022-01-04 14:22:04.961root 11241100x80000000000000004285490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adec1caf4213d3f2022-01-04 14:22:04.962root 11241100x80000000000000004285491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac628c88f7c2c5e02022-01-04 14:22:04.962root 11241100x80000000000000004285492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e64af6e3f8116a2022-01-04 14:22:04.962root 11241100x80000000000000004285493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05e955b0a86e2512022-01-04 14:22:04.962root 11241100x80000000000000004285494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7bcc1de263b8262022-01-04 14:22:04.962root 11241100x80000000000000004285495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30593e99f764f20c2022-01-04 14:22:04.962root 11241100x80000000000000004285496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920d0420fd8d305f2022-01-04 14:22:05.460root 11241100x80000000000000004285497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a026659ee0501742022-01-04 14:22:05.460root 11241100x80000000000000004285498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a59fe2e203b8da12022-01-04 14:22:05.460root 11241100x80000000000000004285499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fb7854e30f0e4e2022-01-04 14:22:05.460root 11241100x80000000000000004285500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb31f2adb52f4f42022-01-04 14:22:05.461root 11241100x80000000000000004285501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4777dbefe887d072022-01-04 14:22:05.461root 11241100x80000000000000004285502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630f81c7ed0cc6dd2022-01-04 14:22:05.461root 11241100x80000000000000004285503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c549f47f4178932022-01-04 14:22:05.461root 11241100x80000000000000004285504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4300b4a4ccfd2ac92022-01-04 14:22:05.462root 11241100x80000000000000004285505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7504879105fe08432022-01-04 14:22:05.462root 11241100x80000000000000004285506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0077b67598ee662022-01-04 14:22:05.462root 11241100x80000000000000004285507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e126fc7b06ef222022-01-04 14:22:05.462root 11241100x80000000000000004285508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb97f77203226c632022-01-04 14:22:05.462root 11241100x80000000000000004285509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ab3ad32e0841692022-01-04 14:22:05.462root 11241100x80000000000000004285510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12c57fc4445a3a62022-01-04 14:22:05.463root 11241100x80000000000000004285511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2277409c38351a2022-01-04 14:22:05.463root 11241100x80000000000000004285512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8f254a63c9f36c2022-01-04 14:22:05.463root 11241100x80000000000000004285513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cb7d1605b31d982022-01-04 14:22:05.463root 11241100x80000000000000004285514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f681f3d9a43f5012022-01-04 14:22:05.464root 11241100x80000000000000004285515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e7e070abcb567f2022-01-04 14:22:05.465root 11241100x80000000000000004285516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5219f03958696f2022-01-04 14:22:05.465root 11241100x80000000000000004285517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39dd229cb01ae682022-01-04 14:22:05.465root 11241100x80000000000000004285518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6444a3333853b4b2022-01-04 14:22:05.465root 11241100x80000000000000004285519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab5daa14df2b7242022-01-04 14:22:05.465root 11241100x80000000000000004285520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6481aa8991a54e912022-01-04 14:22:05.465root 11241100x80000000000000004285521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad31c6004753ec3c2022-01-04 14:22:05.465root 11241100x80000000000000004285522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa95239892777972022-01-04 14:22:05.465root 11241100x80000000000000004285523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0fcf28e41b50362022-01-04 14:22:05.465root 11241100x80000000000000004285524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aad0eabfbdca8f2022-01-04 14:22:05.465root 11241100x80000000000000004285525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cdedde15e9ecef2022-01-04 14:22:05.465root 11241100x80000000000000004285526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ebece52273660d2022-01-04 14:22:05.465root 11241100x80000000000000004285527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ea3c5e9144281d2022-01-04 14:22:05.466root 11241100x80000000000000004285528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01be35daf217b7b72022-01-04 14:22:05.959root 11241100x80000000000000004285529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f22df3005b523a22022-01-04 14:22:05.960root 11241100x80000000000000004285530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70714851911613792022-01-04 14:22:05.960root 11241100x80000000000000004285531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10190ba89a35b3aa2022-01-04 14:22:05.960root 11241100x80000000000000004285532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58b3cff853c84cf2022-01-04 14:22:05.960root 11241100x80000000000000004285533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727730df4696097a2022-01-04 14:22:05.960root 11241100x80000000000000004285534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a0c5bfee400f7d2022-01-04 14:22:05.960root 11241100x80000000000000004285535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06037ea6eac0c0f02022-01-04 14:22:05.960root 11241100x80000000000000004285536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae29da64066616c02022-01-04 14:22:05.960root 11241100x80000000000000004285537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ea98f9fbffd85e2022-01-04 14:22:05.960root 11241100x80000000000000004285538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9871bf2500a87412022-01-04 14:22:05.960root 11241100x80000000000000004285539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05513eb2b678ac362022-01-04 14:22:05.961root 11241100x80000000000000004285540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1216015e6f526e82022-01-04 14:22:05.961root 11241100x80000000000000004285541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de405dd7d08d60f62022-01-04 14:22:05.961root 11241100x80000000000000004285542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eb1498ed85d3a62022-01-04 14:22:05.961root 11241100x80000000000000004285543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04835abe08a84432022-01-04 14:22:05.961root 11241100x80000000000000004285544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3fd9a304edb5b72022-01-04 14:22:05.961root 11241100x80000000000000004285545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574304ceae1743f72022-01-04 14:22:05.961root 11241100x80000000000000004285546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9aafcf776551edc2022-01-04 14:22:05.961root 11241100x80000000000000004285547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11186d60e1ff9ce2022-01-04 14:22:05.961root 11241100x80000000000000004285548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34832c0fb138add2022-01-04 14:22:05.961root 11241100x80000000000000004285549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e82528be1d0f8e2022-01-04 14:22:05.961root 11241100x80000000000000004285550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7927f93acdf10542022-01-04 14:22:06.459root 11241100x80000000000000004285551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6185aeaa218e15152022-01-04 14:22:06.460root 11241100x80000000000000004285552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8734b090bbc291262022-01-04 14:22:06.460root 11241100x80000000000000004285553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc06fdc4af6975f2022-01-04 14:22:06.460root 11241100x80000000000000004285554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3787f0dd4b92d412022-01-04 14:22:06.460root 11241100x80000000000000004285555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c4d9eb61e889002022-01-04 14:22:06.460root 11241100x80000000000000004285556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f7613701ef621f2022-01-04 14:22:06.460root 11241100x80000000000000004285557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90be965ad0445b82022-01-04 14:22:06.461root 11241100x80000000000000004285558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3a9277a100fa582022-01-04 14:22:06.461root 11241100x80000000000000004285559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c7538d3f15b57a2022-01-04 14:22:06.461root 11241100x80000000000000004285560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254ad3767e2db48f2022-01-04 14:22:06.461root 11241100x80000000000000004285561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d982225d477caf692022-01-04 14:22:06.461root 11241100x80000000000000004285562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf49afe9061c24302022-01-04 14:22:06.461root 11241100x80000000000000004285563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfce3e6b32faa1652022-01-04 14:22:06.461root 11241100x80000000000000004285564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e88b0bce19de422022-01-04 14:22:06.461root 11241100x80000000000000004285565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7259304af1fd9d02022-01-04 14:22:06.462root 11241100x80000000000000004285566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61dea526520928b2022-01-04 14:22:06.462root 11241100x80000000000000004285567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d04cf367d8170f2022-01-04 14:22:06.462root 11241100x80000000000000004285568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5a253f50cd8a862022-01-04 14:22:06.462root 11241100x80000000000000004285569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eccec41620eb13f2022-01-04 14:22:06.462root 11241100x80000000000000004285570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e729bc07c121b92022-01-04 14:22:06.462root 11241100x80000000000000004285571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a283b5dcae76ba42022-01-04 14:22:06.462root 11241100x80000000000000004285572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594f08370bcbd5692022-01-04 14:22:06.960root 11241100x80000000000000004285573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ff4d2e88310e7f2022-01-04 14:22:06.960root 11241100x80000000000000004285574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a742f33f6b44468c2022-01-04 14:22:06.960root 11241100x80000000000000004285575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e24b999d7910de52022-01-04 14:22:06.960root 11241100x80000000000000004285576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2902f0fd8c33d7e52022-01-04 14:22:06.960root 11241100x80000000000000004285577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2f0112c670f0012022-01-04 14:22:06.960root 11241100x80000000000000004285578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c1be031fa0b8412022-01-04 14:22:06.961root 11241100x80000000000000004285579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db774eff8356bf02022-01-04 14:22:06.961root 11241100x80000000000000004285580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb55e53ecdd2d122022-01-04 14:22:06.961root 11241100x80000000000000004285581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ece7e120430b6c2022-01-04 14:22:06.961root 11241100x80000000000000004285582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cc3fd0dc35145c2022-01-04 14:22:06.961root 11241100x80000000000000004285583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390213477d34538f2022-01-04 14:22:06.961root 11241100x80000000000000004285584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ec81e266796c9a2022-01-04 14:22:06.961root 11241100x80000000000000004285585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdcad59a08df3392022-01-04 14:22:06.961root 11241100x80000000000000004285586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b0935da662b69b2022-01-04 14:22:06.961root 11241100x80000000000000004285587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d47f3e61b2113d2022-01-04 14:22:06.961root 11241100x80000000000000004285588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e483184557603b92022-01-04 14:22:06.962root 11241100x80000000000000004285589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca64315c26d025d2022-01-04 14:22:06.962root 11241100x80000000000000004285590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5d42b37f5193b62022-01-04 14:22:06.962root 11241100x80000000000000004285591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4185d1c8cb3cb12022-01-04 14:22:06.963root 11241100x80000000000000004285592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738800524e8da9862022-01-04 14:22:06.963root 11241100x80000000000000004285593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:06.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c836c88b7530acfb2022-01-04 14:22:06.963root 11241100x80000000000000004285594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91352ec4767b556d2022-01-04 14:22:07.459root 11241100x80000000000000004285595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e985feb473accfc2022-01-04 14:22:07.459root 11241100x80000000000000004285596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6826cf8e7c1fb5392022-01-04 14:22:07.459root 11241100x80000000000000004285597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d2729dc0d8cb092022-01-04 14:22:07.459root 11241100x80000000000000004285598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3792eb848ceece2022-01-04 14:22:07.460root 11241100x80000000000000004285599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7415bf6d856efe602022-01-04 14:22:07.460root 11241100x80000000000000004285600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98522a3a2d4211052022-01-04 14:22:07.460root 11241100x80000000000000004285601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8370588bf74bdf2022-01-04 14:22:07.460root 11241100x80000000000000004285602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5bea35df18fb582022-01-04 14:22:07.460root 11241100x80000000000000004285603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a31a94584576d9b2022-01-04 14:22:07.460root 11241100x80000000000000004285604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcde71d85d8dfacf2022-01-04 14:22:07.460root 11241100x80000000000000004285605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054813b7232314812022-01-04 14:22:07.460root 11241100x80000000000000004285606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353bbe490c063c702022-01-04 14:22:07.461root 11241100x80000000000000004285607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d23f4146bcd9d22022-01-04 14:22:07.461root 11241100x80000000000000004285608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f5615519ad9ebd2022-01-04 14:22:07.461root 11241100x80000000000000004285609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f55716c7bf26dbf2022-01-04 14:22:07.461root 11241100x80000000000000004285610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3600ad1a113bd35e2022-01-04 14:22:07.461root 11241100x80000000000000004285611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b91d67db7216be2022-01-04 14:22:07.461root 11241100x80000000000000004285612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee59e5c2f47e4dd42022-01-04 14:22:07.461root 11241100x80000000000000004285613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76113a842f089d922022-01-04 14:22:07.461root 11241100x80000000000000004285614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25464e8fc7622d952022-01-04 14:22:07.462root 11241100x80000000000000004285615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77269041c678dd872022-01-04 14:22:07.462root 11241100x80000000000000004285616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7eb7f9f10de2102022-01-04 14:22:07.462root 11241100x80000000000000004285617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e4ffbf2058f79e2022-01-04 14:22:07.959root 11241100x80000000000000004285618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1facb9ef904ba8a2022-01-04 14:22:07.960root 11241100x80000000000000004285619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd837300c9545092022-01-04 14:22:07.960root 11241100x80000000000000004285620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5008a806a6ccb502022-01-04 14:22:07.960root 11241100x80000000000000004285621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619ce85cad7a52262022-01-04 14:22:07.960root 11241100x80000000000000004285622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b548dab7eae63d2022-01-04 14:22:07.960root 11241100x80000000000000004285623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e568b160ebc82cf92022-01-04 14:22:07.960root 11241100x80000000000000004285624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13edfe70e2c0b142022-01-04 14:22:07.960root 11241100x80000000000000004285625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998879760b6f88dd2022-01-04 14:22:07.960root 11241100x80000000000000004285626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e22e7fa3a8a7902022-01-04 14:22:07.961root 11241100x80000000000000004285627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e44112a729676e2022-01-04 14:22:07.961root 11241100x80000000000000004285628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661cc58f172917022022-01-04 14:22:07.961root 11241100x80000000000000004285629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd00ece308dd51502022-01-04 14:22:07.961root 11241100x80000000000000004285630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca979c3525c8259b2022-01-04 14:22:07.961root 11241100x80000000000000004285631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbff225f3520103a2022-01-04 14:22:07.961root 11241100x80000000000000004285632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fe5a5dadad8d912022-01-04 14:22:07.961root 11241100x80000000000000004285633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa54838a70f848ee2022-01-04 14:22:07.961root 11241100x80000000000000004285634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae16c0bbbfd5b77a2022-01-04 14:22:07.961root 11241100x80000000000000004285635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2d8645abbf5a642022-01-04 14:22:07.962root 11241100x80000000000000004285636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40c2eed99353be72022-01-04 14:22:07.962root 11241100x80000000000000004285637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe42560aba729e8f2022-01-04 14:22:07.962root 11241100x80000000000000004285638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6df76bba54b7bd32022-01-04 14:22:07.962root 11241100x80000000000000004285639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8a95f988165b282022-01-04 14:22:08.459root 11241100x80000000000000004285640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65637e418f631d832022-01-04 14:22:08.459root 11241100x80000000000000004285641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c8be60ec44cb6a2022-01-04 14:22:08.459root 11241100x80000000000000004285642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befd7d81fd143b292022-01-04 14:22:08.459root 11241100x80000000000000004285643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611a9f267acae8f72022-01-04 14:22:08.460root 11241100x80000000000000004285644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964a5173b7833cc62022-01-04 14:22:08.460root 11241100x80000000000000004285645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460ce1216d333e092022-01-04 14:22:08.460root 11241100x80000000000000004285646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bdf6f574d0a64b2022-01-04 14:22:08.460root 11241100x80000000000000004285647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f862d65407a190262022-01-04 14:22:08.460root 11241100x80000000000000004285648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca807952ff9242f2022-01-04 14:22:08.460root 11241100x80000000000000004285649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd578b89b7609b62022-01-04 14:22:08.460root 11241100x80000000000000004285650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caa12e3dcf2f26f2022-01-04 14:22:08.460root 11241100x80000000000000004285651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c411499cb2fefe32022-01-04 14:22:08.460root 11241100x80000000000000004285652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25256318ed8e58a82022-01-04 14:22:08.460root 11241100x80000000000000004285653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32da892c95ecc1d2022-01-04 14:22:08.461root 11241100x80000000000000004285654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4078ea7e775d1232022-01-04 14:22:08.461root 11241100x80000000000000004285655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b2a1245df26052022-01-04 14:22:08.461root 11241100x80000000000000004285656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6eea31f9152446d2022-01-04 14:22:08.461root 11241100x80000000000000004285657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd13c1f7a8d2fdb12022-01-04 14:22:08.461root 11241100x80000000000000004285658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169fd791b15c3e402022-01-04 14:22:08.462root 11241100x80000000000000004285659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a2beb9724867722022-01-04 14:22:08.462root 11241100x80000000000000004285660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cac7d4eac289922022-01-04 14:22:08.462root 11241100x80000000000000004285661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab7581aaf177bdf2022-01-04 14:22:08.462root 11241100x80000000000000004285662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5bb4a6f7953ac82022-01-04 14:22:08.462root 11241100x80000000000000004285663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb5580be68a6232022-01-04 14:22:08.462root 11241100x80000000000000004285664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6278e1d12379026f2022-01-04 14:22:08.462root 11241100x80000000000000004285665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e7629e34a3324d2022-01-04 14:22:08.462root 11241100x80000000000000004285666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1577035d1761ce522022-01-04 14:22:08.462root 11241100x80000000000000004285667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167e5e9beb0d8e182022-01-04 14:22:08.462root 11241100x80000000000000004285668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a928c73aefc8c4d2022-01-04 14:22:08.462root 11241100x80000000000000004285669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abfdd73ce45714e2022-01-04 14:22:08.463root 11241100x80000000000000004285670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed40fc0c2a63d88d2022-01-04 14:22:08.463root 11241100x80000000000000004285671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19658028c594743d2022-01-04 14:22:08.463root 154100x80000000000000004285672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.882{ec2e79f3-5810-61d4-6844-b9868e550000}15007/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000004285673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c938254be426df4a2022-01-04 14:22:08.883root 11241100x80000000000000004285674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d790dc37022f2742022-01-04 14:22:08.884root 11241100x80000000000000004285675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469b63318a827a282022-01-04 14:22:08.884root 11241100x80000000000000004285676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be979880070ddd12022-01-04 14:22:08.884root 11241100x80000000000000004285677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541571d50236de952022-01-04 14:22:08.884root 11241100x80000000000000004285678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5363014217ba022022-01-04 14:22:08.884root 11241100x80000000000000004285679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a1f15483cda25c2022-01-04 14:22:08.884root 11241100x80000000000000004285680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71bba8c1ed3205e2022-01-04 14:22:08.884root 11241100x80000000000000004285681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c640122cbcbb3a82022-01-04 14:22:08.884root 11241100x80000000000000004285682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170f928f27a1f4292022-01-04 14:22:08.885root 11241100x80000000000000004285683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7ac5068b15fe272022-01-04 14:22:08.885root 11241100x80000000000000004285684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd115780b6ab13042022-01-04 14:22:08.885root 11241100x80000000000000004285685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad32309ef75f0092022-01-04 14:22:08.885root 11241100x80000000000000004285686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e367bbb51ba7823d2022-01-04 14:22:08.885root 11241100x80000000000000004285687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30a8e48a20293002022-01-04 14:22:08.885root 11241100x80000000000000004285688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e509fb92072c665c2022-01-04 14:22:08.886root 11241100x80000000000000004285689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71b74cccef546f82022-01-04 14:22:08.886root 11241100x80000000000000004285690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97ec80d10b51a382022-01-04 14:22:08.886root 11241100x80000000000000004285691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45436ba1097516d42022-01-04 14:22:08.886root 11241100x80000000000000004285692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2f5b36d5e63c722022-01-04 14:22:08.887root 11241100x80000000000000004285693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f13a0a0b16fb3b2022-01-04 14:22:08.887root 11241100x80000000000000004285694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957379a72f0f18922022-01-04 14:22:08.887root 11241100x80000000000000004285695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f049e3974b167b2022-01-04 14:22:08.887root 11241100x80000000000000004285696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e6e426d074c1eb2022-01-04 14:22:08.887root 11241100x80000000000000004285697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10409a7761f0984b2022-01-04 14:22:08.887root 11241100x80000000000000004285698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7267f3de3c4526de2022-01-04 14:22:08.887root 11241100x80000000000000004285699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cf57694509c6ec2022-01-04 14:22:08.887root 11241100x80000000000000004285700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490def4c6632ced82022-01-04 14:22:08.888root 534500x80000000000000004285701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:08.895{ec2e79f3-5810-61d4-6844-b9868e550000}15007/bin/psroot 11241100x80000000000000004285702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b2271df5ae70e22022-01-04 14:22:09.209root 11241100x80000000000000004285703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1441064e4fa29682022-01-04 14:22:09.210root 11241100x80000000000000004285704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460e1d0ed647af902022-01-04 14:22:09.210root 11241100x80000000000000004285705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3815824a73a356cd2022-01-04 14:22:09.210root 11241100x80000000000000004285706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb323137c6f25f722022-01-04 14:22:09.210root 11241100x80000000000000004285707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e826160bf6ec4c12022-01-04 14:22:09.210root 11241100x80000000000000004285708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b264d34292adf4e52022-01-04 14:22:09.210root 11241100x80000000000000004285709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a6130331fb031b2022-01-04 14:22:09.210root 11241100x80000000000000004285710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb682128a0a466b2022-01-04 14:22:09.210root 11241100x80000000000000004285711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16337f742ce1ba72022-01-04 14:22:09.210root 11241100x80000000000000004285712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19ee31cee7fea852022-01-04 14:22:09.210root 11241100x80000000000000004285713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bcb85ab42dd2a22022-01-04 14:22:09.210root 11241100x80000000000000004285714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f415bbf35c6116e52022-01-04 14:22:09.211root 11241100x80000000000000004285715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9596773fcbb6000a2022-01-04 14:22:09.211root 11241100x80000000000000004285716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138ecec5c6cca3672022-01-04 14:22:09.211root 11241100x80000000000000004285717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a807f0178b6f942022-01-04 14:22:09.211root 11241100x80000000000000004285718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43761f43daaebf152022-01-04 14:22:09.211root 11241100x80000000000000004285719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4ee17d5aabbd9b2022-01-04 14:22:09.211root 11241100x80000000000000004285720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ad68c93ead473a2022-01-04 14:22:09.211root 11241100x80000000000000004285721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42686c890fd22c412022-01-04 14:22:09.211root 11241100x80000000000000004285722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4cfc8cb1dc67022022-01-04 14:22:09.211root 11241100x80000000000000004285723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9495ee8737696fe42022-01-04 14:22:09.211root 11241100x80000000000000004285724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada1fa9f027dcaa42022-01-04 14:22:09.211root 11241100x80000000000000004285725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0190884177cbcbda2022-01-04 14:22:09.211root 11241100x80000000000000004285726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c318a39e0410092022-01-04 14:22:09.709root 11241100x80000000000000004285727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e79c9b675674f3f2022-01-04 14:22:09.710root 11241100x80000000000000004285728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0df5de642396352022-01-04 14:22:09.710root 11241100x80000000000000004285729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62277368e8efe692022-01-04 14:22:09.710root 11241100x80000000000000004285730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd940bcd7d7a5422022-01-04 14:22:09.710root 11241100x80000000000000004285731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27167af1641f472e2022-01-04 14:22:09.710root 11241100x80000000000000004285732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2575a178b9f99b512022-01-04 14:22:09.710root 11241100x80000000000000004285733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ceab9c012d8753c2022-01-04 14:22:09.710root 11241100x80000000000000004285734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b96efb127ce4cc2022-01-04 14:22:09.710root 11241100x80000000000000004285735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e54629576f0ccc2022-01-04 14:22:09.710root 11241100x80000000000000004285736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ccd9f082c11dce2022-01-04 14:22:09.710root 11241100x80000000000000004285737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d025c747a8c13b2022-01-04 14:22:09.711root 11241100x80000000000000004285738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0bd91f59976d162022-01-04 14:22:09.711root 11241100x80000000000000004285739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d6079f1d665f532022-01-04 14:22:09.711root 11241100x80000000000000004285740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e180fe6ff954d7372022-01-04 14:22:09.711root 11241100x80000000000000004285741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02765dd8ac60f5152022-01-04 14:22:09.711root 11241100x80000000000000004285742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88828f6fc2238da2022-01-04 14:22:09.711root 11241100x80000000000000004285743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc59d92c50c0d882022-01-04 14:22:09.711root 11241100x80000000000000004285744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fefbc5c5692c03f2022-01-04 14:22:09.711root 11241100x80000000000000004285745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4be487fe1f1f7c2022-01-04 14:22:09.711root 11241100x80000000000000004285746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d55fa022e81b9e2022-01-04 14:22:09.711root 11241100x80000000000000004285747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f10a2948e6e8db2022-01-04 14:22:09.711root 11241100x80000000000000004285748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0e5da7872fbf2c2022-01-04 14:22:09.712root 11241100x80000000000000004285749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:09.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa3acb905cd5dc12022-01-04 14:22:09.712root 354300x80000000000000004285750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.021{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41592-false10.0.1.12-8000- 11241100x80000000000000004285751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1b3bdbfe9155312022-01-04 14:22:10.022root 11241100x80000000000000004285752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a4828ebda77d352022-01-04 14:22:10.023root 11241100x80000000000000004285753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662269378f51e0ef2022-01-04 14:22:10.023root 11241100x80000000000000004285754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b72cacf44e19322022-01-04 14:22:10.023root 11241100x80000000000000004285755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920eeea7215f58182022-01-04 14:22:10.023root 11241100x80000000000000004285756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696468c40751c4192022-01-04 14:22:10.023root 11241100x80000000000000004285757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f79e91ef8b55dd2022-01-04 14:22:10.023root 11241100x80000000000000004285758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9940c1c799ef4da2022-01-04 14:22:10.023root 11241100x80000000000000004285759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4030e2ff6b30ce42022-01-04 14:22:10.024root 11241100x80000000000000004285760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ee5a1d376dab9f2022-01-04 14:22:10.024root 11241100x80000000000000004285761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e7fdb4bd9b10582022-01-04 14:22:10.024root 11241100x80000000000000004285762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fb92571d634bb42022-01-04 14:22:10.024root 11241100x80000000000000004285763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf86e3a8efa6b1de2022-01-04 14:22:10.024root 11241100x80000000000000004285764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca0638b8a63b4232022-01-04 14:22:10.024root 11241100x80000000000000004285765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ddcc654265676f2022-01-04 14:22:10.024root 11241100x80000000000000004285766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa08e720843475f22022-01-04 14:22:10.024root 11241100x80000000000000004285767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f7b8e6fbc205a42022-01-04 14:22:10.024root 11241100x80000000000000004285768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158f892f65e0a2012022-01-04 14:22:10.024root 11241100x80000000000000004285769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce23f0a1096845c2022-01-04 14:22:10.024root 11241100x80000000000000004285770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4114d7981596502022-01-04 14:22:10.024root 11241100x80000000000000004285771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a65738c4e16fb332022-01-04 14:22:10.024root 11241100x80000000000000004285772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2003c40aeea5bdc2022-01-04 14:22:10.025root 11241100x80000000000000004285773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777e516c0e261a132022-01-04 14:22:10.025root 11241100x80000000000000004285774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607d9713abfe050b2022-01-04 14:22:10.025root 11241100x80000000000000004285775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33c8a29df8fd88d2022-01-04 14:22:10.025root 11241100x80000000000000004285776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d265b724375ff72022-01-04 14:22:10.459root 11241100x80000000000000004285777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f6cc0752d37bbc2022-01-04 14:22:10.459root 11241100x80000000000000004285778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb839dfcb3f672ed2022-01-04 14:22:10.459root 11241100x80000000000000004285779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa3ec3c0f256b5e2022-01-04 14:22:10.460root 11241100x80000000000000004285780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1ba7221e8cc9b92022-01-04 14:22:10.460root 11241100x80000000000000004285781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d09c27002e6d01e2022-01-04 14:22:10.460root 11241100x80000000000000004285782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea00dc0d4ef74aa2022-01-04 14:22:10.460root 11241100x80000000000000004285783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0936740c5d40cb292022-01-04 14:22:10.460root 11241100x80000000000000004285784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfa42a64fb672212022-01-04 14:22:10.460root 11241100x80000000000000004285785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0656c18b66a02c712022-01-04 14:22:10.460root 11241100x80000000000000004285786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8ddac1dfc19342022-01-04 14:22:10.460root 11241100x80000000000000004285787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9455904af871df542022-01-04 14:22:10.460root 11241100x80000000000000004285788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d634d4ef466a742022-01-04 14:22:10.460root 11241100x80000000000000004285789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf84f31d5d5a04b2022-01-04 14:22:10.460root 11241100x80000000000000004285790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb7ed63f78e714f2022-01-04 14:22:10.460root 11241100x80000000000000004285791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e3e4aeadd98b4d2022-01-04 14:22:10.460root 11241100x80000000000000004285792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7ab6389c1802592022-01-04 14:22:10.461root 11241100x80000000000000004285793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3eb98611d4c6d912022-01-04 14:22:10.461root 11241100x80000000000000004285794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ffc3d21d6779452022-01-04 14:22:10.461root 11241100x80000000000000004285795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8909e3543bff4edc2022-01-04 14:22:10.461root 11241100x80000000000000004285796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b49aa405b013e32022-01-04 14:22:10.461root 11241100x80000000000000004285797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6203e827550825342022-01-04 14:22:10.461root 11241100x80000000000000004285798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42ce1d25a4bc1942022-01-04 14:22:10.461root 11241100x80000000000000004285799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d807e5fe449d942022-01-04 14:22:10.461root 11241100x80000000000000004285800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eca29fc2a666232022-01-04 14:22:10.461root 11241100x80000000000000004285801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c8c23d00128df82022-01-04 14:22:10.959root 11241100x80000000000000004285802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84d231fc3cc11072022-01-04 14:22:10.959root 11241100x80000000000000004285803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b5744a5fdf0af2022-01-04 14:22:10.959root 11241100x80000000000000004285804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2269ca549bcd1a732022-01-04 14:22:10.959root 11241100x80000000000000004285805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b227ea3576b269b2022-01-04 14:22:10.959root 11241100x80000000000000004285806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707ebc7d5d4597832022-01-04 14:22:10.960root 11241100x80000000000000004285807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaa251e0e80582a2022-01-04 14:22:10.960root 11241100x80000000000000004285808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1367075cf4acb32022-01-04 14:22:10.960root 11241100x80000000000000004285809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba507ff81355bd182022-01-04 14:22:10.960root 11241100x80000000000000004285810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987835ecd0982ace2022-01-04 14:22:10.960root 11241100x80000000000000004285811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39768b9c4f0d62e2022-01-04 14:22:10.960root 11241100x80000000000000004285812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8d1c070d6febcc2022-01-04 14:22:10.960root 11241100x80000000000000004285813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24abfab719b86bd2022-01-04 14:22:10.960root 11241100x80000000000000004285814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695fe6194d53fb042022-01-04 14:22:10.961root 11241100x80000000000000004285815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54218614841d26b2022-01-04 14:22:10.961root 11241100x80000000000000004285816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb524f6ae4289b9f2022-01-04 14:22:10.961root 11241100x80000000000000004285817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8deddd353b8eed2022-01-04 14:22:10.961root 11241100x80000000000000004285818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efe49ccea42b33e2022-01-04 14:22:10.961root 11241100x80000000000000004285819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e8ed1df1722da32022-01-04 14:22:10.961root 11241100x80000000000000004285820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec5b058df7a766d2022-01-04 14:22:10.961root 11241100x80000000000000004285821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fe3e18e5f604ff2022-01-04 14:22:10.962root 11241100x80000000000000004285822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2493bcfadd95f62022-01-04 14:22:10.962root 11241100x80000000000000004285823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f115bf835cced8b62022-01-04 14:22:10.962root 11241100x80000000000000004285824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d59d38efe8f81732022-01-04 14:22:10.962root 11241100x80000000000000004285825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0ddca093ab5d492022-01-04 14:22:10.962root 11241100x80000000000000004285826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa42ce13c3bdd7852022-01-04 14:22:10.962root 11241100x80000000000000004285827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eccc3c6e27a1f552022-01-04 14:22:10.962root 11241100x80000000000000004285828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157eeb6d0affc6722022-01-04 14:22:10.962root 11241100x80000000000000004285829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daefe9ee561dd6682022-01-04 14:22:11.460root 11241100x80000000000000004285830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aaf4328d8580d32022-01-04 14:22:11.460root 11241100x80000000000000004285831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a81d00b0d085462022-01-04 14:22:11.460root 11241100x80000000000000004285832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a8fbe8b7ae3bc72022-01-04 14:22:11.460root 11241100x80000000000000004285833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c835c7ba436e778e2022-01-04 14:22:11.460root 11241100x80000000000000004285834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93ecf90c55be8e12022-01-04 14:22:11.460root 11241100x80000000000000004285835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08e1b01a17a64b72022-01-04 14:22:11.460root 11241100x80000000000000004285836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64ef9353c8336342022-01-04 14:22:11.461root 11241100x80000000000000004285837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53977f019a5b3b252022-01-04 14:22:11.461root 11241100x80000000000000004285838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78d48f0d12a73c42022-01-04 14:22:11.461root 11241100x80000000000000004285839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309a0e8b318eb0742022-01-04 14:22:11.461root 11241100x80000000000000004285840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68b9efd308e30552022-01-04 14:22:11.461root 11241100x80000000000000004285841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae759676b8e23ea2022-01-04 14:22:11.461root 11241100x80000000000000004285842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d998ea2d75958c2022-01-04 14:22:11.461root 11241100x80000000000000004285843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bcaf1c0ceafa2a2022-01-04 14:22:11.462root 11241100x80000000000000004285844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdd9f0e554f92f42022-01-04 14:22:11.462root 11241100x80000000000000004285845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf6240756bbdbab2022-01-04 14:22:11.462root 11241100x80000000000000004285846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6525ec144711bcc22022-01-04 14:22:11.462root 11241100x80000000000000004285847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72699ea53f731c562022-01-04 14:22:11.462root 11241100x80000000000000004285848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975898977f0c19e52022-01-04 14:22:11.462root 11241100x80000000000000004285849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f494740d04de71882022-01-04 14:22:11.462root 11241100x80000000000000004285850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dcd09a9b88787f2022-01-04 14:22:11.462root 11241100x80000000000000004285851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d30ca7504383142022-01-04 14:22:11.462root 11241100x80000000000000004285852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfff3e868015e3022022-01-04 14:22:11.462root 11241100x80000000000000004285853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a57389c1a86957c2022-01-04 14:22:11.463root 11241100x80000000000000004285854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708379a2ad13adc12022-01-04 14:22:11.960root 11241100x80000000000000004285855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0c0e508707f1782022-01-04 14:22:11.960root 11241100x80000000000000004285856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dd1b101e8fa1d52022-01-04 14:22:11.960root 11241100x80000000000000004285857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36275ac4ea1dbfc52022-01-04 14:22:11.960root 11241100x80000000000000004285858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a930c91c1cc186c2022-01-04 14:22:11.960root 11241100x80000000000000004285859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006478c6d4e96e742022-01-04 14:22:11.960root 11241100x80000000000000004285860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae44ae6429b98402022-01-04 14:22:11.960root 11241100x80000000000000004285861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4795ba943a411e2022-01-04 14:22:11.960root 11241100x80000000000000004285862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d8b76e464b0eb2022-01-04 14:22:11.960root 11241100x80000000000000004285863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7ac41039db850f2022-01-04 14:22:11.961root 11241100x80000000000000004285864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141ecfd2eb7af3f92022-01-04 14:22:11.961root 11241100x80000000000000004285865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399f56cc3159dc902022-01-04 14:22:11.961root 11241100x80000000000000004285866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ccdd7b8186c41a2022-01-04 14:22:11.961root 11241100x80000000000000004285867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d29411d555097e52022-01-04 14:22:11.961root 11241100x80000000000000004285868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf061a34d18a37142022-01-04 14:22:11.961root 11241100x80000000000000004285869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b10393f1f62662c2022-01-04 14:22:11.961root 11241100x80000000000000004285870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8912d8f3c1b07892022-01-04 14:22:11.961root 11241100x80000000000000004285871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7785ec92c40ecac12022-01-04 14:22:11.961root 11241100x80000000000000004285872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0016d9d71f9f592022-01-04 14:22:11.961root 11241100x80000000000000004285873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583220c3ca777f8d2022-01-04 14:22:11.962root 11241100x80000000000000004285874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a4822631354b2c2022-01-04 14:22:11.962root 11241100x80000000000000004285875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0031ff16e7417512022-01-04 14:22:11.962root 11241100x80000000000000004285876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8d0e1444ac337c2022-01-04 14:22:11.962root 11241100x80000000000000004285877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b8466fb196b35d2022-01-04 14:22:11.962root 11241100x80000000000000004285878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:11.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8742db0ec4227ec2022-01-04 14:22:11.962root 11241100x80000000000000004285879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e58b5254a2101c2022-01-04 14:22:12.459root 11241100x80000000000000004285880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7e3dc2b291b5fc2022-01-04 14:22:12.459root 11241100x80000000000000004285881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5440604ea50cb512022-01-04 14:22:12.459root 11241100x80000000000000004285882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ba98e5efc70e312022-01-04 14:22:12.459root 11241100x80000000000000004285883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feffd4ba1337e3d72022-01-04 14:22:12.459root 11241100x80000000000000004285884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e2f18dd2b1af6b2022-01-04 14:22:12.459root 11241100x80000000000000004285885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe6947dcfdb723b2022-01-04 14:22:12.460root 11241100x80000000000000004285886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a2e2b11cc9df92022-01-04 14:22:12.460root 11241100x80000000000000004285887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f133484057596122022-01-04 14:22:12.460root 11241100x80000000000000004285888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbc52bf1b1b07622022-01-04 14:22:12.460root 11241100x80000000000000004285889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43377897f11ecccf2022-01-04 14:22:12.460root 11241100x80000000000000004285890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535774dafa03d9982022-01-04 14:22:12.460root 11241100x80000000000000004285891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783435cc67101b532022-01-04 14:22:12.460root 11241100x80000000000000004285892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7ba3647ae6cab12022-01-04 14:22:12.460root 11241100x80000000000000004285893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894978116623a9212022-01-04 14:22:12.460root 11241100x80000000000000004285894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9046ce3eab5875a42022-01-04 14:22:12.460root 11241100x80000000000000004285895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8067f8339fb706e2022-01-04 14:22:12.461root 11241100x80000000000000004285896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f1f25f8492d6092022-01-04 14:22:12.462root 11241100x80000000000000004285897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043ad93fac149f8b2022-01-04 14:22:12.462root 11241100x80000000000000004285898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f1cfaf874b50072022-01-04 14:22:12.462root 11241100x80000000000000004285899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef88df4c06c4f2c52022-01-04 14:22:12.462root 11241100x80000000000000004285900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80f7f1d93e678102022-01-04 14:22:12.462root 11241100x80000000000000004285901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96360c4c2129ebcf2022-01-04 14:22:12.463root 11241100x80000000000000004285902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0559fed24aa6aa1b2022-01-04 14:22:12.463root 11241100x80000000000000004285903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b9e24bda9168582022-01-04 14:22:12.463root 11241100x80000000000000004285904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ebe004ae55dc3b2022-01-04 14:22:12.463root 11241100x80000000000000004285905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d69c62e831477a2022-01-04 14:22:12.463root 11241100x80000000000000004285906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139cc67e53f18c282022-01-04 14:22:12.463root 11241100x80000000000000004285907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f942238e08aeef2022-01-04 14:22:12.463root 11241100x80000000000000004285908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290f532d674116c72022-01-04 14:22:12.463root 11241100x80000000000000004285909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed430a5c48f35a32022-01-04 14:22:12.463root 11241100x80000000000000004285910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8664f966fd5d6a2022-01-04 14:22:12.463root 11241100x80000000000000004285911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d36fa5e83f504e42022-01-04 14:22:12.463root 11241100x80000000000000004285912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e4dc81640365a12022-01-04 14:22:12.463root 11241100x80000000000000004285913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b455ab136606e582022-01-04 14:22:12.464root 11241100x80000000000000004285914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a93d3fbb62fd0042022-01-04 14:22:12.464root 11241100x80000000000000004285915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b8733eb06d77dc2022-01-04 14:22:12.464root 11241100x80000000000000004285916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9778ef348a5d467f2022-01-04 14:22:12.464root 11241100x80000000000000004285917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f42fc1ac5f2ccc32022-01-04 14:22:12.464root 11241100x80000000000000004285918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3769d38b5d7712e52022-01-04 14:22:12.464root 11241100x80000000000000004285919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccf30a4bf8a18c72022-01-04 14:22:12.464root 11241100x80000000000000004285920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7c6fadbd06ab962022-01-04 14:22:12.464root 11241100x80000000000000004285921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf05dce00876e1a02022-01-04 14:22:12.960root 11241100x80000000000000004285922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e200f2429efdbcc52022-01-04 14:22:12.960root 11241100x80000000000000004285923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37a725eac310c322022-01-04 14:22:12.960root 11241100x80000000000000004285924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f012fef08b59f342022-01-04 14:22:12.960root 11241100x80000000000000004285925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5d1ffab69b0c582022-01-04 14:22:12.960root 11241100x80000000000000004285926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c61ee5b9af914f72022-01-04 14:22:12.960root 11241100x80000000000000004285927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585dcf414a9b96f22022-01-04 14:22:12.960root 11241100x80000000000000004285928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a31c70eacd797e2022-01-04 14:22:12.960root 11241100x80000000000000004285929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66533f4f0c4bdf6c2022-01-04 14:22:12.961root 11241100x80000000000000004285930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a91cacbba47d482022-01-04 14:22:12.961root 11241100x80000000000000004285931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb278c21bc44b852022-01-04 14:22:12.961root 11241100x80000000000000004285932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a732d58227b389822022-01-04 14:22:12.961root 11241100x80000000000000004285933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755700dd69d51dcd2022-01-04 14:22:12.961root 11241100x80000000000000004285934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee132bec7607aa1f2022-01-04 14:22:12.961root 11241100x80000000000000004285935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3168ddc1b348abfe2022-01-04 14:22:12.961root 11241100x80000000000000004285936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca386461bef5b942022-01-04 14:22:12.961root 11241100x80000000000000004285937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad88af2c178ad8ee2022-01-04 14:22:12.961root 11241100x80000000000000004285938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc2afa69b2b9c9a2022-01-04 14:22:12.961root 11241100x80000000000000004285939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40a4e435a2f9d072022-01-04 14:22:12.962root 11241100x80000000000000004285940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20baa10e8c82dd672022-01-04 14:22:12.962root 11241100x80000000000000004285941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3eec09367b20c12022-01-04 14:22:12.962root 11241100x80000000000000004285942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece134711c7032d02022-01-04 14:22:12.963root 11241100x80000000000000004285943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aee902b7903cb92022-01-04 14:22:12.963root 11241100x80000000000000004285944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f139223bf5b82afa2022-01-04 14:22:12.963root 11241100x80000000000000004285945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:12.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da97848ba43d8072022-01-04 14:22:12.963root 11241100x80000000000000004285946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02612a05d873710a2022-01-04 14:22:13.459root 11241100x80000000000000004285947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd8c931846459d62022-01-04 14:22:13.459root 11241100x80000000000000004285948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a44f460c2335b8b2022-01-04 14:22:13.460root 11241100x80000000000000004285949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb64b692854c48b12022-01-04 14:22:13.460root 11241100x80000000000000004285950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473b0acfdbc6de952022-01-04 14:22:13.460root 11241100x80000000000000004285951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4c12aa9cd038062022-01-04 14:22:13.460root 11241100x80000000000000004285952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1812423ea2895c32022-01-04 14:22:13.460root 11241100x80000000000000004285953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515d37ed60faa0d12022-01-04 14:22:13.460root 11241100x80000000000000004285954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7319ed21d451b99f2022-01-04 14:22:13.460root 11241100x80000000000000004285955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd771b7b6450735c2022-01-04 14:22:13.460root 11241100x80000000000000004285956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db18911df7da4832022-01-04 14:22:13.460root 11241100x80000000000000004285957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afcdae430810fc22022-01-04 14:22:13.460root 11241100x80000000000000004285958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a9795a62875e632022-01-04 14:22:13.460root 11241100x80000000000000004285959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebae45d704011c2e2022-01-04 14:22:13.460root 11241100x80000000000000004285960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd03c96b51659512022-01-04 14:22:13.461root 11241100x80000000000000004285961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2859257c675a8f8b2022-01-04 14:22:13.461root 11241100x80000000000000004285962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d8962bf02d53a32022-01-04 14:22:13.461root 11241100x80000000000000004285963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0893a3731620b5ad2022-01-04 14:22:13.461root 11241100x80000000000000004285964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fca4dbc3b631162022-01-04 14:22:13.461root 11241100x80000000000000004285965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67d9d1ede1bf3be2022-01-04 14:22:13.461root 11241100x80000000000000004285966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4050260d2f29a832022-01-04 14:22:13.461root 11241100x80000000000000004285967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e0bb19adff336c2022-01-04 14:22:13.461root 11241100x80000000000000004285968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba86c97ae5559652022-01-04 14:22:13.461root 11241100x80000000000000004285969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b745ef1b0556a95b2022-01-04 14:22:13.461root 11241100x80000000000000004285970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f5086f7cc070222022-01-04 14:22:13.462root 11241100x80000000000000004285971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558b258d5a2950e02022-01-04 14:22:13.959root 11241100x80000000000000004285972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2321c748cd70a82022-01-04 14:22:13.960root 11241100x80000000000000004285973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbecc59bddd57082022-01-04 14:22:13.960root 11241100x80000000000000004285974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532e0f80a46325512022-01-04 14:22:13.960root 11241100x80000000000000004285975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583578526ec6a9e92022-01-04 14:22:13.960root 11241100x80000000000000004285976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c7ea6935a506942022-01-04 14:22:13.960root 11241100x80000000000000004285977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75ecc173cb708ca2022-01-04 14:22:13.960root 11241100x80000000000000004285978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5799fb0e5097da12022-01-04 14:22:13.960root 11241100x80000000000000004285979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926d5d2f310eb3892022-01-04 14:22:13.960root 11241100x80000000000000004285980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c94f719f2b872f2022-01-04 14:22:13.960root 11241100x80000000000000004285981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7796b1b69f0bef7b2022-01-04 14:22:13.960root 11241100x80000000000000004285982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319dac02ea2435992022-01-04 14:22:13.960root 11241100x80000000000000004285983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b534bef64a3b462022-01-04 14:22:13.960root 11241100x80000000000000004285984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd209b3343a53752022-01-04 14:22:13.960root 11241100x80000000000000004285985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c835f448e941e4d2022-01-04 14:22:13.961root 11241100x80000000000000004285986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e2f1f977432cc62022-01-04 14:22:13.961root 11241100x80000000000000004285987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0043d5ac3d02c5ab2022-01-04 14:22:13.961root 11241100x80000000000000004285988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129f891eb321bd692022-01-04 14:22:13.961root 11241100x80000000000000004285989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ba83bff09615cf2022-01-04 14:22:13.961root 11241100x80000000000000004285990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd720df7c73428b2022-01-04 14:22:13.961root 11241100x80000000000000004285991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bf222ec4b6372d2022-01-04 14:22:13.961root 11241100x80000000000000004285992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e108b3b1f478b02022-01-04 14:22:13.961root 11241100x80000000000000004285993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b32595c6db9c4d22022-01-04 14:22:13.961root 11241100x80000000000000004285994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08709f123d843642022-01-04 14:22:13.961root 11241100x80000000000000004285995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24a41ad9b21fc402022-01-04 14:22:13.961root 11241100x80000000000000004285996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87560f29c190caa22022-01-04 14:22:14.459root 11241100x80000000000000004285997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bb729fa9acf1d22022-01-04 14:22:14.459root 11241100x80000000000000004285998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70c587b3b658a462022-01-04 14:22:14.459root 11241100x80000000000000004285999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4939e31ba32927e32022-01-04 14:22:14.460root 11241100x80000000000000004286000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e056873edc83bd6b2022-01-04 14:22:14.460root 11241100x80000000000000004286001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a0b66bbeaabf802022-01-04 14:22:14.460root 11241100x80000000000000004286002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971e692df156b20a2022-01-04 14:22:14.460root 11241100x80000000000000004286003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e33cf869c3ff8132022-01-04 14:22:14.460root 11241100x80000000000000004286004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deba17dbccc60d362022-01-04 14:22:14.460root 11241100x80000000000000004286005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7f5b42cd168c072022-01-04 14:22:14.460root 11241100x80000000000000004286006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da201779ec597fe2022-01-04 14:22:14.460root 11241100x80000000000000004286007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854eb89171f96d992022-01-04 14:22:14.460root 11241100x80000000000000004286008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce930a214f373c042022-01-04 14:22:14.461root 11241100x80000000000000004286009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8aa24798e5c31d2022-01-04 14:22:14.461root 11241100x80000000000000004286010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795847fd86fc54742022-01-04 14:22:14.461root 11241100x80000000000000004286011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313deb9c277fb1242022-01-04 14:22:14.461root 11241100x80000000000000004286012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dfbf987828e4242022-01-04 14:22:14.461root 11241100x80000000000000004286013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a5c0ec184b8c4d2022-01-04 14:22:14.461root 11241100x80000000000000004286014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458899d8276ba4d82022-01-04 14:22:14.461root 11241100x80000000000000004286015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b13db3188b75162022-01-04 14:22:14.461root 11241100x80000000000000004286016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc71c448c7e9c382022-01-04 14:22:14.461root 11241100x80000000000000004286017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd815ff735f69ee22022-01-04 14:22:14.461root 11241100x80000000000000004286018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fad3d704198c2812022-01-04 14:22:14.461root 11241100x80000000000000004286019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ab427101a3ee6c2022-01-04 14:22:14.462root 11241100x80000000000000004286020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2f59487e009bb22022-01-04 14:22:14.462root 11241100x80000000000000004286021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ea003ac9c346df2022-01-04 14:22:14.462root 11241100x80000000000000004286022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cf2beb05ebf0ff2022-01-04 14:22:14.462root 11241100x80000000000000004286023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92806086a97173a72022-01-04 14:22:14.462root 11241100x80000000000000004286024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e00a74c99781e72022-01-04 14:22:14.462root 11241100x80000000000000004286025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a81c5bb2b8de3fe2022-01-04 14:22:14.462root 11241100x80000000000000004286026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9392ec07f3c4b6762022-01-04 14:22:14.462root 11241100x80000000000000004286027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6a3b748851eb4a2022-01-04 14:22:14.462root 11241100x80000000000000004286028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4b18d203b1cee32022-01-04 14:22:14.959root 11241100x80000000000000004286029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b070a8c6b67d80242022-01-04 14:22:14.960root 11241100x80000000000000004286030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69722e7d0d28f1512022-01-04 14:22:14.960root 11241100x80000000000000004286031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e8a92db2ba28d32022-01-04 14:22:14.960root 11241100x80000000000000004286032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d49f52b1bb7e932022-01-04 14:22:14.960root 11241100x80000000000000004286033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d113a29866a6ab2022-01-04 14:22:14.960root 11241100x80000000000000004286034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69e7ad4c36bb992022-01-04 14:22:14.960root 11241100x80000000000000004286035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0395539252345cb2022-01-04 14:22:14.960root 11241100x80000000000000004286036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8e7f53a2879cc72022-01-04 14:22:14.960root 11241100x80000000000000004286037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e438cfad0a1db4742022-01-04 14:22:14.960root 11241100x80000000000000004286038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2993d30129491ec12022-01-04 14:22:14.960root 11241100x80000000000000004286039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae43e1bc0bd2b2c2022-01-04 14:22:14.960root 11241100x80000000000000004286040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5761569733fb502022-01-04 14:22:14.960root 11241100x80000000000000004286041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d89c71556adfcd72022-01-04 14:22:14.960root 11241100x80000000000000004286042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c61784bac387772022-01-04 14:22:14.961root 11241100x80000000000000004286043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff134f576c82f3e2022-01-04 14:22:14.961root 11241100x80000000000000004286044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f347ed8abe6c4b2022-01-04 14:22:14.961root 11241100x80000000000000004286045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca96944f075c2442022-01-04 14:22:14.961root 11241100x80000000000000004286046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f29db86dadefaa2022-01-04 14:22:14.961root 11241100x80000000000000004286047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a557f6451e62b1442022-01-04 14:22:14.961root 11241100x80000000000000004286048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e361702fddd79c5e2022-01-04 14:22:14.961root 11241100x80000000000000004286049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff49d77807ceb082022-01-04 14:22:14.961root 11241100x80000000000000004286050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cc6ef85bacc2ac2022-01-04 14:22:14.961root 11241100x80000000000000004286051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5f5cd78e532f582022-01-04 14:22:14.961root 11241100x80000000000000004286052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e54ddbe369e1f42022-01-04 14:22:14.961root 354300x80000000000000004286053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.038{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41594-false10.0.1.12-8000- 11241100x80000000000000004286054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411391a1a0500eda2022-01-04 14:22:15.459root 11241100x80000000000000004286055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3a1cd54245b2a2022-01-04 14:22:15.460root 11241100x80000000000000004286056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8460e16ad367fc52022-01-04 14:22:15.460root 11241100x80000000000000004286057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b9b731205ade922022-01-04 14:22:15.460root 11241100x80000000000000004286058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb7d5a79cb4b9682022-01-04 14:22:15.460root 11241100x80000000000000004286059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486adbda7298adfa2022-01-04 14:22:15.460root 11241100x80000000000000004286060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a366f1e9c8201f42022-01-04 14:22:15.460root 11241100x80000000000000004286061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0250beb095d55352022-01-04 14:22:15.460root 11241100x80000000000000004286062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d34dade13f2ca42022-01-04 14:22:15.460root 11241100x80000000000000004286063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e6b24879dec0dc2022-01-04 14:22:15.460root 11241100x80000000000000004286064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f1c045d83c94ad2022-01-04 14:22:15.461root 11241100x80000000000000004286065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e942f0b387150652022-01-04 14:22:15.461root 11241100x80000000000000004286066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc34c8cc8ad1ec92022-01-04 14:22:15.461root 11241100x80000000000000004286067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d46e48ae627f212022-01-04 14:22:15.461root 11241100x80000000000000004286068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f91ec8747c81232022-01-04 14:22:15.461root 11241100x80000000000000004286069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fac581c35213eef2022-01-04 14:22:15.461root 11241100x80000000000000004286070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0770361b2a4084ee2022-01-04 14:22:15.461root 11241100x80000000000000004286071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b535e3eddd0ef05e2022-01-04 14:22:15.461root 11241100x80000000000000004286072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a0c34b5bb8e4672022-01-04 14:22:15.461root 11241100x80000000000000004286073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4dc2f271ed0bcd2022-01-04 14:22:15.462root 11241100x80000000000000004286074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba4d01e054ecb842022-01-04 14:22:15.462root 11241100x80000000000000004286075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bd25296a0a24592022-01-04 14:22:15.462root 11241100x80000000000000004286076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8421f74f015ce7e2022-01-04 14:22:15.462root 11241100x80000000000000004286077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142f052f633721b22022-01-04 14:22:15.462root 11241100x80000000000000004286078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08601827c4dca8512022-01-04 14:22:15.462root 11241100x80000000000000004286079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf663838d0f1c9c2022-01-04 14:22:15.462root 11241100x80000000000000004286080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75579f1dfccd4e1a2022-01-04 14:22:15.959root 11241100x80000000000000004286081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802159b3ab88f7c22022-01-04 14:22:15.960root 11241100x80000000000000004286082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d63b57fac8614a2022-01-04 14:22:15.960root 11241100x80000000000000004286083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6675f501007b0e572022-01-04 14:22:15.960root 11241100x80000000000000004286084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d047e3ed7b867a12022-01-04 14:22:15.960root 11241100x80000000000000004286085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515493ded4f29c502022-01-04 14:22:15.960root 11241100x80000000000000004286086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0a9467fc39fe7f2022-01-04 14:22:15.960root 11241100x80000000000000004286087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68504a111b698ecb2022-01-04 14:22:15.960root 11241100x80000000000000004286088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821fbed63c0df3a12022-01-04 14:22:15.960root 11241100x80000000000000004286089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6c348fb7645a8d2022-01-04 14:22:15.961root 11241100x80000000000000004286090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed83d56990cbf9b2022-01-04 14:22:15.961root 11241100x80000000000000004286091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a3c6a5eb218a702022-01-04 14:22:15.961root 11241100x80000000000000004286092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028deecb11c42ab42022-01-04 14:22:15.961root 11241100x80000000000000004286093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ffc9fd0eb30f842022-01-04 14:22:15.961root 11241100x80000000000000004286094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad1fa9f9f5655052022-01-04 14:22:15.961root 11241100x80000000000000004286095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cacce530a3497d62022-01-04 14:22:15.961root 11241100x80000000000000004286096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f230dcfcb320112022-01-04 14:22:15.961root 11241100x80000000000000004286097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff8b71b1cf03ecd2022-01-04 14:22:15.961root 11241100x80000000000000004286098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7bf680684c1dc72022-01-04 14:22:15.961root 11241100x80000000000000004286099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7d25cdc083b7a32022-01-04 14:22:15.961root 11241100x80000000000000004286100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f564d1f6f826448f2022-01-04 14:22:15.961root 11241100x80000000000000004286101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7544120b3f3853d42022-01-04 14:22:15.962root 11241100x80000000000000004286102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f188a7f5afcba7a82022-01-04 14:22:15.962root 11241100x80000000000000004286103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27061fcc82eddc42022-01-04 14:22:15.962root 11241100x80000000000000004286104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f945f3a0af6ff82022-01-04 14:22:15.962root 11241100x80000000000000004286105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbad1f458e00d12b2022-01-04 14:22:15.962root 11241100x80000000000000004286106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f4cbef092bfc2f2022-01-04 14:22:16.460root 11241100x80000000000000004286107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de44ac8b8ff400a02022-01-04 14:22:16.460root 11241100x80000000000000004286108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11373c6a481d51b2022-01-04 14:22:16.460root 11241100x80000000000000004286109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25316b80fdded4cd2022-01-04 14:22:16.460root 11241100x80000000000000004286110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1f6eee29d8704d2022-01-04 14:22:16.460root 11241100x80000000000000004286111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5a28932ac52ae62022-01-04 14:22:16.460root 11241100x80000000000000004286112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ea1b43ce3851432022-01-04 14:22:16.460root 11241100x80000000000000004286113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103bde902bbb9e802022-01-04 14:22:16.460root 11241100x80000000000000004286114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146cd29d2e45de842022-01-04 14:22:16.460root 11241100x80000000000000004286115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b0486ba9f2db8c2022-01-04 14:22:16.461root 11241100x80000000000000004286116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a9059c5bfa334a2022-01-04 14:22:16.461root 11241100x80000000000000004286117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf913a8d7f48a542022-01-04 14:22:16.461root 11241100x80000000000000004286118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590e980929dcf8602022-01-04 14:22:16.461root 11241100x80000000000000004286119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13304e20b9aa9c12022-01-04 14:22:16.461root 11241100x80000000000000004286120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de0fac1b83cefb2022-01-04 14:22:16.461root 11241100x80000000000000004286121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18f909289572cd62022-01-04 14:22:16.461root 11241100x80000000000000004286122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409b54533b4be07a2022-01-04 14:22:16.461root 11241100x80000000000000004286123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82efc9e3d603b9442022-01-04 14:22:16.461root 11241100x80000000000000004286124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f18686f47ea1f942022-01-04 14:22:16.461root 11241100x80000000000000004286125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583702e29dcada942022-01-04 14:22:16.462root 11241100x80000000000000004286126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ca17cea75427ff2022-01-04 14:22:16.462root 11241100x80000000000000004286127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a7dd72a69c2e12022-01-04 14:22:16.462root 11241100x80000000000000004286128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8785383e3cfde6a2022-01-04 14:22:16.462root 11241100x80000000000000004286129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c31c87bfcef5aa82022-01-04 14:22:16.462root 11241100x80000000000000004286130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330b8e0b8685eb702022-01-04 14:22:16.462root 11241100x80000000000000004286131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b672cbcdda83072022-01-04 14:22:16.462root 11241100x80000000000000004286132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883cc6cf3c8b713f2022-01-04 14:22:16.959root 11241100x80000000000000004286133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a790011b508832432022-01-04 14:22:16.960root 11241100x80000000000000004286134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d9924ef1ad3c222022-01-04 14:22:16.960root 11241100x80000000000000004286135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac0061edb4ca87d2022-01-04 14:22:16.960root 11241100x80000000000000004286136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c51c9acef04cc12022-01-04 14:22:16.960root 11241100x80000000000000004286137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb20047396c863fb2022-01-04 14:22:16.960root 11241100x80000000000000004286138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7252ce2b93a818f2022-01-04 14:22:16.960root 11241100x80000000000000004286139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2556b8710b04b8d52022-01-04 14:22:16.960root 11241100x80000000000000004286140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6a8fcf81b98ce52022-01-04 14:22:16.960root 11241100x80000000000000004286141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1c4dbd8b06e0f12022-01-04 14:22:16.960root 11241100x80000000000000004286142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aeecef4515d1d132022-01-04 14:22:16.960root 11241100x80000000000000004286143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b8dd4cd7d985812022-01-04 14:22:16.960root 11241100x80000000000000004286144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c710a21a27b8082022-01-04 14:22:16.961root 11241100x80000000000000004286145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b08a580eb07030a2022-01-04 14:22:16.961root 11241100x80000000000000004286146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b309d253588a4e4b2022-01-04 14:22:16.961root 11241100x80000000000000004286147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd296e7bc3dd1ec02022-01-04 14:22:16.961root 11241100x80000000000000004286148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7ddb1decea63c92022-01-04 14:22:16.961root 11241100x80000000000000004286149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec604ba0095a6b972022-01-04 14:22:16.961root 11241100x80000000000000004286150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcdd8c8b19d03ad2022-01-04 14:22:16.961root 11241100x80000000000000004286151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd91297a7df016d2022-01-04 14:22:16.961root 11241100x80000000000000004286152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2704d35b976b7be92022-01-04 14:22:16.962root 11241100x80000000000000004286153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c03b0155caee302022-01-04 14:22:16.962root 11241100x80000000000000004286154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e15dc47677434d62022-01-04 14:22:16.962root 11241100x80000000000000004286155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eebe78b43d833352022-01-04 14:22:16.962root 11241100x80000000000000004286156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a150d73601d319c2022-01-04 14:22:16.962root 11241100x80000000000000004286157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:16.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27525915864a61d62022-01-04 14:22:16.962root 11241100x80000000000000004286158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d7b2837f4b56762022-01-04 14:22:17.460root 11241100x80000000000000004286159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df54abf79d1861f52022-01-04 14:22:17.460root 11241100x80000000000000004286160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fde4cadd493904b2022-01-04 14:22:17.460root 11241100x80000000000000004286161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b99a85ef30a07b2022-01-04 14:22:17.460root 11241100x80000000000000004286162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2fb05ff4dae1a82022-01-04 14:22:17.460root 11241100x80000000000000004286163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aea69db1e5e2b92022-01-04 14:22:17.460root 11241100x80000000000000004286164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e87afca79100a652022-01-04 14:22:17.460root 11241100x80000000000000004286165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab39eabee37eb6e72022-01-04 14:22:17.460root 11241100x80000000000000004286166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e94be466b4c441d2022-01-04 14:22:17.460root 11241100x80000000000000004286167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c9c5b53d4ce70f2022-01-04 14:22:17.460root 11241100x80000000000000004286168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28881ade290623492022-01-04 14:22:17.461root 11241100x80000000000000004286169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebea45a072fd8d9b2022-01-04 14:22:17.461root 11241100x80000000000000004286170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c545af4e0e26acc2022-01-04 14:22:17.461root 11241100x80000000000000004286171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fa669ced248e422022-01-04 14:22:17.461root 11241100x80000000000000004286172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d2bfbd0bb470802022-01-04 14:22:17.461root 11241100x80000000000000004286173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf79fba866706f52022-01-04 14:22:17.461root 11241100x80000000000000004286174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a03e6340d503a472022-01-04 14:22:17.461root 11241100x80000000000000004286175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f1db3628f9e6cf2022-01-04 14:22:17.461root 11241100x80000000000000004286176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346c2cff1bee9ba42022-01-04 14:22:17.461root 11241100x80000000000000004286177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242d21c66774e28d2022-01-04 14:22:17.462root 11241100x80000000000000004286178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd32a4ee15141e482022-01-04 14:22:17.462root 11241100x80000000000000004286179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdb4f8f6143b4302022-01-04 14:22:17.462root 11241100x80000000000000004286180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb34dcd4242f712a2022-01-04 14:22:17.462root 11241100x80000000000000004286181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72126943f1d4b2682022-01-04 14:22:17.462root 11241100x80000000000000004286182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02827be63f5b8502022-01-04 14:22:17.462root 11241100x80000000000000004286183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157a0cc6fe2f6ff22022-01-04 14:22:17.462root 11241100x80000000000000004286184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfbc8657cbf5a482022-01-04 14:22:17.959root 11241100x80000000000000004286185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d4a40080cc61112022-01-04 14:22:17.959root 11241100x80000000000000004286186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564eaf118a379e6f2022-01-04 14:22:17.959root 11241100x80000000000000004286187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c0278ce426f0e72022-01-04 14:22:17.960root 11241100x80000000000000004286188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d540b8122f24f302022-01-04 14:22:17.960root 11241100x80000000000000004286189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe2f4b74e88af7c2022-01-04 14:22:17.960root 11241100x80000000000000004286190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd6a2816e71f85a2022-01-04 14:22:17.960root 11241100x80000000000000004286191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fc1280dd0b83602022-01-04 14:22:17.960root 11241100x80000000000000004286192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4d9796a3177c3d2022-01-04 14:22:17.960root 11241100x80000000000000004286193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22e294320203eb12022-01-04 14:22:17.960root 11241100x80000000000000004286194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87196cf3cfd7df32022-01-04 14:22:17.960root 11241100x80000000000000004286195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4c0b9a6f4a86d72022-01-04 14:22:17.960root 11241100x80000000000000004286196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df9411234f577702022-01-04 14:22:17.961root 11241100x80000000000000004286197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6bc7d77031e8a42022-01-04 14:22:17.961root 11241100x80000000000000004286198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a88c531614c49c42022-01-04 14:22:17.961root 11241100x80000000000000004286199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ac4302b28757a82022-01-04 14:22:17.961root 11241100x80000000000000004286200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14d2e7c9f7d6ae22022-01-04 14:22:17.961root 11241100x80000000000000004286201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9844d907e2612302022-01-04 14:22:17.961root 11241100x80000000000000004286202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cbfe443ca57f572022-01-04 14:22:17.961root 11241100x80000000000000004286203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b47270b8b2cdf252022-01-04 14:22:17.961root 11241100x80000000000000004286204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce197e2eb08a3882022-01-04 14:22:17.961root 11241100x80000000000000004286205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a461ab99256bb0782022-01-04 14:22:17.961root 11241100x80000000000000004286206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29afcdc28810d6a62022-01-04 14:22:17.962root 11241100x80000000000000004286207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92ab3f344c728f92022-01-04 14:22:17.962root 11241100x80000000000000004286208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cd50e0c3866a172022-01-04 14:22:17.962root 11241100x80000000000000004286209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4560e068088cfe2022-01-04 14:22:17.962root 11241100x80000000000000004286210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9828a5031e63716d2022-01-04 14:22:17.962root 11241100x80000000000000004286211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536e066bac2ad69e2022-01-04 14:22:17.962root 11241100x80000000000000004286212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d0046dfe47f38a2022-01-04 14:22:18.459root 11241100x80000000000000004286213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f1d03ef15818df2022-01-04 14:22:18.459root 11241100x80000000000000004286214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16da7e08c9db7ea52022-01-04 14:22:18.460root 11241100x80000000000000004286215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95dc6e969d0f8b52022-01-04 14:22:18.460root 11241100x80000000000000004286216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fc26eed5cbdce62022-01-04 14:22:18.460root 11241100x80000000000000004286217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5583697119fe142022-01-04 14:22:18.460root 11241100x80000000000000004286218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2849b1212c89e772022-01-04 14:22:18.461root 11241100x80000000000000004286219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893626e1fb5f2b942022-01-04 14:22:18.461root 11241100x80000000000000004286220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47048d7a3c1fd89e2022-01-04 14:22:18.461root 11241100x80000000000000004286221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97031aa5aea5f8d32022-01-04 14:22:18.461root 11241100x80000000000000004286222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaead8416653a0182022-01-04 14:22:18.461root 11241100x80000000000000004286223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3879828d57e88d4c2022-01-04 14:22:18.461root 11241100x80000000000000004286224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1784083d495437cd2022-01-04 14:22:18.461root 11241100x80000000000000004286225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3d2727b7d9199d2022-01-04 14:22:18.461root 11241100x80000000000000004286226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b0bd2cb51668b62022-01-04 14:22:18.461root 11241100x80000000000000004286227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28869334d946e3ba2022-01-04 14:22:18.462root 11241100x80000000000000004286228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ac9151a20a91142022-01-04 14:22:18.462root 11241100x80000000000000004286229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd0b120703c6ddb2022-01-04 14:22:18.462root 11241100x80000000000000004286230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e8f5048239f8d62022-01-04 14:22:18.462root 11241100x80000000000000004286231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e467ecc476a322d62022-01-04 14:22:18.462root 11241100x80000000000000004286232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4065e949b4041592022-01-04 14:22:18.462root 11241100x80000000000000004286233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f294c6183fb3dcb42022-01-04 14:22:18.462root 11241100x80000000000000004286234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528640189fd4052a2022-01-04 14:22:18.462root 11241100x80000000000000004286235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbf304581eb24602022-01-04 14:22:18.462root 11241100x80000000000000004286236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1c84d06b7f76152022-01-04 14:22:18.463root 11241100x80000000000000004286237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5559a9c941d454bc2022-01-04 14:22:18.463root 11241100x80000000000000004286238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db7429227deed1d2022-01-04 14:22:18.463root 11241100x80000000000000004286239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54e7e5b9b8c118b2022-01-04 14:22:18.463root 11241100x80000000000000004286240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a71361ce494e44e2022-01-04 14:22:18.463root 11241100x80000000000000004286241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be001cfba6013ad62022-01-04 14:22:18.464root 11241100x80000000000000004286242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795917c7b7dc29322022-01-04 14:22:18.960root 11241100x80000000000000004286243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e621fea3a9fb292022-01-04 14:22:18.960root 11241100x80000000000000004286244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db792559de51211f2022-01-04 14:22:18.960root 11241100x80000000000000004286245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f6acaf2cd457e62022-01-04 14:22:18.960root 11241100x80000000000000004286246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604011d5de7baf042022-01-04 14:22:18.961root 11241100x80000000000000004286247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9673af6113e810c2022-01-04 14:22:18.961root 11241100x80000000000000004286248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fb7375fc0c43a42022-01-04 14:22:18.961root 11241100x80000000000000004286249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1cdba402ae0dc02022-01-04 14:22:18.961root 11241100x80000000000000004286250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82621ea6e8d9de7f2022-01-04 14:22:18.962root 11241100x80000000000000004286251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f7dd66efdb747d2022-01-04 14:22:18.962root 11241100x80000000000000004286252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65e5e79b388c2c22022-01-04 14:22:18.962root 11241100x80000000000000004286253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452ee407237ebbf92022-01-04 14:22:18.962root 11241100x80000000000000004286254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e881dc6c998bcde2022-01-04 14:22:18.962root 11241100x80000000000000004286255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d299cef6baeb172022-01-04 14:22:18.963root 11241100x80000000000000004286256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6519a51320b3f8e22022-01-04 14:22:18.963root 11241100x80000000000000004286257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57361c9a3427c962022-01-04 14:22:18.963root 11241100x80000000000000004286258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75efe892428748ff2022-01-04 14:22:18.963root 11241100x80000000000000004286259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad2d1975f4b15ed2022-01-04 14:22:18.963root 11241100x80000000000000004286260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25092e00babd4fc02022-01-04 14:22:18.963root 11241100x80000000000000004286261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563410007d7ef52b2022-01-04 14:22:18.963root 11241100x80000000000000004286262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa7ad49fd41133a2022-01-04 14:22:18.963root 11241100x80000000000000004286263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1714dfcb0d021b2022-01-04 14:22:18.964root 11241100x80000000000000004286264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d727b14b6423d1f42022-01-04 14:22:18.964root 11241100x80000000000000004286265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3a5f2a3c1ccfa02022-01-04 14:22:18.964root 11241100x80000000000000004286266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11724c4b0f2050d92022-01-04 14:22:18.964root 11241100x80000000000000004286267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d65c18bfbc56ba2022-01-04 14:22:18.964root 11241100x80000000000000004286268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffbe53e66f6b8f82022-01-04 14:22:19.459root 11241100x80000000000000004286269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc6d410d6f0a5b02022-01-04 14:22:19.459root 11241100x80000000000000004286270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc920dfb546c362022-01-04 14:22:19.459root 11241100x80000000000000004286271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d5ee1beedc21292022-01-04 14:22:19.460root 11241100x80000000000000004286272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c52e934fc8a77072022-01-04 14:22:19.460root 11241100x80000000000000004286273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905ee25e0e1568ca2022-01-04 14:22:19.460root 11241100x80000000000000004286274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52716a461b8e16aa2022-01-04 14:22:19.460root 11241100x80000000000000004286275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b276df1d8f30ed82022-01-04 14:22:19.460root 11241100x80000000000000004286276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514cc54f38a2577e2022-01-04 14:22:19.460root 11241100x80000000000000004286277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63da5b75ab448df82022-01-04 14:22:19.460root 11241100x80000000000000004286278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6022b1449425d712022-01-04 14:22:19.460root 11241100x80000000000000004286279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c655236fc6ea17c32022-01-04 14:22:19.460root 11241100x80000000000000004286280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27405ee9e0a5f8672022-01-04 14:22:19.461root 11241100x80000000000000004286281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b594100339d81fa2022-01-04 14:22:19.461root 11241100x80000000000000004286282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af4152615e20f232022-01-04 14:22:19.461root 11241100x80000000000000004286283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25177c45fa9249252022-01-04 14:22:19.461root 11241100x80000000000000004286284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37210f5eac54ebb2022-01-04 14:22:19.461root 11241100x80000000000000004286285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1ad4bc4916cbf22022-01-04 14:22:19.461root 11241100x80000000000000004286286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b58a3c7cf9f3d22022-01-04 14:22:19.461root 11241100x80000000000000004286287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8ea4268b5b19292022-01-04 14:22:19.461root 11241100x80000000000000004286288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47517ab8ea912b802022-01-04 14:22:19.461root 11241100x80000000000000004286289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181e5c8f0b5391db2022-01-04 14:22:19.462root 11241100x80000000000000004286290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec6c297f9c4e19b2022-01-04 14:22:19.462root 11241100x80000000000000004286291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1fec7e14f7601f2022-01-04 14:22:19.462root 11241100x80000000000000004286292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a148aea097923c02022-01-04 14:22:19.462root 11241100x80000000000000004286293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832197e61941c08f2022-01-04 14:22:19.462root 11241100x80000000000000004286294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc023a5bc72ab2f42022-01-04 14:22:19.462root 11241100x80000000000000004286295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3d64613391d2932022-01-04 14:22:19.462root 11241100x80000000000000004286296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994be68475163edf2022-01-04 14:22:19.462root 11241100x80000000000000004286297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a13ce6cfd2df082022-01-04 14:22:19.462root 11241100x80000000000000004286298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4f14987350cdb92022-01-04 14:22:19.959root 11241100x80000000000000004286299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fdd9ab85fe4d8d2022-01-04 14:22:19.960root 11241100x80000000000000004286300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8e6ef44e9132702022-01-04 14:22:19.960root 11241100x80000000000000004286301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef405b715127610f2022-01-04 14:22:19.960root 11241100x80000000000000004286302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d09e61b027c70e2022-01-04 14:22:19.960root 11241100x80000000000000004286303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e156335fe588e6002022-01-04 14:22:19.960root 11241100x80000000000000004286304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65d809c29cea0362022-01-04 14:22:19.960root 11241100x80000000000000004286305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fef6a7aa4eeb9d2022-01-04 14:22:19.960root 11241100x80000000000000004286306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798e78c3cef58a2d2022-01-04 14:22:19.960root 11241100x80000000000000004286307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e1683aabcda23e2022-01-04 14:22:19.960root 11241100x80000000000000004286308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b808c996f98d366f2022-01-04 14:22:19.961root 11241100x80000000000000004286309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60389414acfa4d702022-01-04 14:22:19.961root 11241100x80000000000000004286310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7195eb11954f299f2022-01-04 14:22:19.961root 11241100x80000000000000004286311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b760b5a90ad9eb32022-01-04 14:22:19.961root 11241100x80000000000000004286312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d166e13e6ea8862022-01-04 14:22:19.961root 11241100x80000000000000004286313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc213b6789a90332022-01-04 14:22:19.961root 11241100x80000000000000004286314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf022da02fcab122022-01-04 14:22:19.961root 11241100x80000000000000004286315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d944b75c635f87d02022-01-04 14:22:19.961root 11241100x80000000000000004286316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bed6e49ad5fe462022-01-04 14:22:19.961root 11241100x80000000000000004286317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac8153fc46048ff2022-01-04 14:22:19.961root 11241100x80000000000000004286318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516da7b90eba41562022-01-04 14:22:19.962root 11241100x80000000000000004286319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5775b636d2623e2022-01-04 14:22:19.962root 11241100x80000000000000004286320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20458b2d79d83152022-01-04 14:22:19.962root 11241100x80000000000000004286321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a73d01a3bc85d5a2022-01-04 14:22:19.962root 11241100x80000000000000004286322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f715c5b171a85fd62022-01-04 14:22:19.962root 11241100x80000000000000004286323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7faafba1d5ff662022-01-04 14:22:19.962root 354300x80000000000000004286324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.110{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41596-false10.0.1.12-8000- 11241100x80000000000000004286325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b1166719e095a02022-01-04 14:22:20.460root 11241100x80000000000000004286326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8c3910bf9a144c2022-01-04 14:22:20.460root 11241100x80000000000000004286327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb06ca627ce8668f2022-01-04 14:22:20.460root 11241100x80000000000000004286328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b044e91e4e91686d2022-01-04 14:22:20.460root 11241100x80000000000000004286329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c634cb5698eca792022-01-04 14:22:20.460root 11241100x80000000000000004286330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae80c1a407f04e152022-01-04 14:22:20.460root 11241100x80000000000000004286331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284c663396dcf3bc2022-01-04 14:22:20.460root 11241100x80000000000000004286332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902138ac411c0a222022-01-04 14:22:20.461root 11241100x80000000000000004286333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bf17d378437b572022-01-04 14:22:20.461root 11241100x80000000000000004286334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a1ff2021d981072022-01-04 14:22:20.461root 11241100x80000000000000004286335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc469b9d4219ea02022-01-04 14:22:20.461root 11241100x80000000000000004286336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4945a2f13b1c63032022-01-04 14:22:20.461root 11241100x80000000000000004286337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bf43eb4a3fd7cd2022-01-04 14:22:20.461root 11241100x80000000000000004286338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9d6215097be90b2022-01-04 14:22:20.461root 11241100x80000000000000004286339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c97fa0b2ace00d82022-01-04 14:22:20.461root 11241100x80000000000000004286340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753ba76affa8fe7a2022-01-04 14:22:20.461root 11241100x80000000000000004286341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235657200ef2a432022-01-04 14:22:20.462root 11241100x80000000000000004286342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c21bb3f713957bc2022-01-04 14:22:20.462root 11241100x80000000000000004286343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d620898fd6eac82022-01-04 14:22:20.462root 11241100x80000000000000004286344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a109440a8e4944562022-01-04 14:22:20.462root 11241100x80000000000000004286345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f7dc48019157ad2022-01-04 14:22:20.462root 11241100x80000000000000004286346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3514b61f0ab02c2022-01-04 14:22:20.462root 11241100x80000000000000004286347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d56fcb4ac6b45b92022-01-04 14:22:20.462root 11241100x80000000000000004286348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59176d1d78f8e2492022-01-04 14:22:20.462root 11241100x80000000000000004286349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b228f108dbca932022-01-04 14:22:20.462root 11241100x80000000000000004286350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb8e87fcec3dd232022-01-04 14:22:20.463root 11241100x80000000000000004286351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d07a186644cbeb2022-01-04 14:22:20.463root 11241100x80000000000000004286352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36955a3e4351cedd2022-01-04 14:22:20.959root 11241100x80000000000000004286353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818bc0661bff27ce2022-01-04 14:22:20.959root 11241100x80000000000000004286354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd495b6dd41b25392022-01-04 14:22:20.959root 11241100x80000000000000004286355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670b77ac273a4a3b2022-01-04 14:22:20.960root 11241100x80000000000000004286356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb1867825f387f02022-01-04 14:22:20.960root 11241100x80000000000000004286357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550bae7917f68dac2022-01-04 14:22:20.960root 11241100x80000000000000004286358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719baa157081a99d2022-01-04 14:22:20.960root 11241100x80000000000000004286359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01782422781138392022-01-04 14:22:20.960root 11241100x80000000000000004286360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939fdd582b22b4bd2022-01-04 14:22:20.960root 11241100x80000000000000004286361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac25063582e82042022-01-04 14:22:20.960root 11241100x80000000000000004286362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087fc82090674cd72022-01-04 14:22:20.960root 11241100x80000000000000004286363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dedccebb37f51952022-01-04 14:22:20.960root 11241100x80000000000000004286364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80736004fe482272022-01-04 14:22:20.961root 11241100x80000000000000004286365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6d94907b626eb62022-01-04 14:22:20.961root 11241100x80000000000000004286366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c6880d231bbd8b2022-01-04 14:22:20.961root 11241100x80000000000000004286367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7d8bf842063f6c2022-01-04 14:22:20.961root 11241100x80000000000000004286368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d56e356f96fe8782022-01-04 14:22:20.961root 11241100x80000000000000004286369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6341e40264e52042022-01-04 14:22:20.961root 11241100x80000000000000004286370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be754aa378dfb152022-01-04 14:22:20.961root 11241100x80000000000000004286371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce5967ded1bdd732022-01-04 14:22:20.961root 11241100x80000000000000004286372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b469f5f51e40c99b2022-01-04 14:22:20.961root 11241100x80000000000000004286373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad51163fbf507b412022-01-04 14:22:20.962root 11241100x80000000000000004286374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb3478372db86d02022-01-04 14:22:20.962root 11241100x80000000000000004286375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ea838d29d6c52a2022-01-04 14:22:20.962root 11241100x80000000000000004286376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fe8761c7064e9f2022-01-04 14:22:20.962root 11241100x80000000000000004286377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784dfdb69e4cd6012022-01-04 14:22:20.962root 11241100x80000000000000004286378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22406eb8ee749f842022-01-04 14:22:20.962root 11241100x80000000000000004286379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d223e974e790cf402022-01-04 14:22:21.459root 11241100x80000000000000004286380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe32936f0b94ce632022-01-04 14:22:21.460root 11241100x80000000000000004286381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457402c96cb9b7c72022-01-04 14:22:21.460root 11241100x80000000000000004286382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11700629af9d0d622022-01-04 14:22:21.460root 11241100x80000000000000004286383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496d7051881901cc2022-01-04 14:22:21.460root 11241100x80000000000000004286384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a97f7bd3bbfb3c2022-01-04 14:22:21.460root 11241100x80000000000000004286385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dfd98541478c9f2022-01-04 14:22:21.461root 11241100x80000000000000004286386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e271ef2ac80fdd2022-01-04 14:22:21.461root 11241100x80000000000000004286387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37f0e98960e59e02022-01-04 14:22:21.461root 11241100x80000000000000004286388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968989fc9696a62e2022-01-04 14:22:21.461root 11241100x80000000000000004286389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0bbf9961d7a3df2022-01-04 14:22:21.461root 11241100x80000000000000004286390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0e7f106aa40aad2022-01-04 14:22:21.461root 11241100x80000000000000004286391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a189bbf82b15abb82022-01-04 14:22:21.461root 11241100x80000000000000004286392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf19a7d6565b4e72022-01-04 14:22:21.461root 11241100x80000000000000004286393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d8a699d12671d42022-01-04 14:22:21.461root 11241100x80000000000000004286394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa206e2897056352022-01-04 14:22:21.461root 11241100x80000000000000004286395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337cc696f71335032022-01-04 14:22:21.461root 11241100x80000000000000004286396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e921797c99364f2022-01-04 14:22:21.462root 11241100x80000000000000004286397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acd590d6d2923f62022-01-04 14:22:21.462root 11241100x80000000000000004286398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de312065973b92792022-01-04 14:22:21.462root 11241100x80000000000000004286399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d9c126520f7fec2022-01-04 14:22:21.462root 11241100x80000000000000004286400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b9846d52bc0d1c2022-01-04 14:22:21.462root 11241100x80000000000000004286401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4275fba5ad3a272022-01-04 14:22:21.462root 11241100x80000000000000004286402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3557370f3f10d42022-01-04 14:22:21.462root 11241100x80000000000000004286403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65053e571a273bc2022-01-04 14:22:21.462root 11241100x80000000000000004286404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ffab0cb76923062022-01-04 14:22:21.462root 11241100x80000000000000004286405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4a99424f0a47f82022-01-04 14:22:21.462root 11241100x80000000000000004286406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d2359cf06986782022-01-04 14:22:21.462root 11241100x80000000000000004286407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0362f8c947b4c32022-01-04 14:22:21.462root 11241100x80000000000000004286408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dd07abc8a0b0f22022-01-04 14:22:21.462root 11241100x80000000000000004286409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c8f4927abd4d662022-01-04 14:22:21.959root 11241100x80000000000000004286410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72610b7bba603b642022-01-04 14:22:21.959root 11241100x80000000000000004286411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310fb11e06c3be922022-01-04 14:22:21.959root 11241100x80000000000000004286412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c1030c036a530a2022-01-04 14:22:21.959root 11241100x80000000000000004286413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939aeb189fc743ad2022-01-04 14:22:21.959root 11241100x80000000000000004286414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0024b90f766cc7142022-01-04 14:22:21.960root 11241100x80000000000000004286415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1735c2d2904c972022-01-04 14:22:21.960root 11241100x80000000000000004286416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b96ba4b573c54d2022-01-04 14:22:21.960root 11241100x80000000000000004286417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40886900e5bcbc72022-01-04 14:22:21.960root 11241100x80000000000000004286418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41e269b46ecff8f2022-01-04 14:22:21.960root 11241100x80000000000000004286419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e41f169ff40b432022-01-04 14:22:21.960root 11241100x80000000000000004286420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a576c1b30ee8d12022-01-04 14:22:21.960root 11241100x80000000000000004286421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316c9aef9d8daeaa2022-01-04 14:22:21.960root 11241100x80000000000000004286422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbdfc4de66838302022-01-04 14:22:21.961root 11241100x80000000000000004286423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e26d0201e99c002022-01-04 14:22:21.961root 11241100x80000000000000004286424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b0d766942750712022-01-04 14:22:21.961root 11241100x80000000000000004286425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed1ce7288ba5cd02022-01-04 14:22:21.961root 11241100x80000000000000004286426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8531ff5c8f0f1c2022-01-04 14:22:21.961root 11241100x80000000000000004286427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13108eda013f703f2022-01-04 14:22:21.961root 11241100x80000000000000004286428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c85f3f83c156a1c2022-01-04 14:22:21.961root 11241100x80000000000000004286429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf043f6a86fba7a2022-01-04 14:22:21.961root 11241100x80000000000000004286430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3823345a16fb4a2b2022-01-04 14:22:21.961root 11241100x80000000000000004286431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2d1ca5a4cdad042022-01-04 14:22:21.962root 11241100x80000000000000004286432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bb7284bd21d2ff2022-01-04 14:22:21.962root 11241100x80000000000000004286433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a1b02d56bb35e92022-01-04 14:22:21.962root 11241100x80000000000000004286434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0cd127c2387e6e2022-01-04 14:22:21.962root 11241100x80000000000000004286435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e207101dcde247a2022-01-04 14:22:21.962root 11241100x80000000000000004286436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91937aecef2cbe92022-01-04 14:22:21.962root 11241100x80000000000000004286437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b96cb46efd36f72022-01-04 14:22:21.962root 11241100x80000000000000004286438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a16fbf4ccdb8a02022-01-04 14:22:21.962root 11241100x80000000000000004286439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ef0376c1c48a6a2022-01-04 14:22:21.962root 11241100x80000000000000004286440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95af28b0d9bf84d32022-01-04 14:22:21.963root 11241100x80000000000000004286441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cc2d241b1e4d0b2022-01-04 14:22:21.963root 11241100x80000000000000004286442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ace44bf2eb55e562022-01-04 14:22:21.963root 11241100x80000000000000004286443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:21.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e8c1237c0b62872022-01-04 14:22:21.963root 11241100x80000000000000004286444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e98e5d724c442322022-01-04 14:22:22.459root 11241100x80000000000000004286445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858a794a4619fa6c2022-01-04 14:22:22.460root 11241100x80000000000000004286446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11aca565c318fc6b2022-01-04 14:22:22.460root 11241100x80000000000000004286447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177732156740a48e2022-01-04 14:22:22.460root 11241100x80000000000000004286448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2493faa3e0ffe0e2022-01-04 14:22:22.460root 11241100x80000000000000004286449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9002c3a7cf5011e2022-01-04 14:22:22.460root 11241100x80000000000000004286450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bbfd47686598ec2022-01-04 14:22:22.460root 11241100x80000000000000004286451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e1a57693e1f51f2022-01-04 14:22:22.460root 11241100x80000000000000004286452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e784c3589650cdfd2022-01-04 14:22:22.460root 11241100x80000000000000004286453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edce4ce254b7d802022-01-04 14:22:22.460root 11241100x80000000000000004286454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31217a92dc6b81c72022-01-04 14:22:22.460root 11241100x80000000000000004286455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4650ac02a2704322022-01-04 14:22:22.461root 11241100x80000000000000004286456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8225813348efe6992022-01-04 14:22:22.461root 11241100x80000000000000004286457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1c5ef2ccfae8812022-01-04 14:22:22.461root 11241100x80000000000000004286458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfec3d8a32463302022-01-04 14:22:22.461root 11241100x80000000000000004286459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde8da4a676cd2672022-01-04 14:22:22.461root 11241100x80000000000000004286460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354a73dc1d06864a2022-01-04 14:22:22.461root 11241100x80000000000000004286461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7f3133ad834f592022-01-04 14:22:22.461root 11241100x80000000000000004286462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd7bfc34f1165dd2022-01-04 14:22:22.461root 11241100x80000000000000004286463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee71b238c75f97082022-01-04 14:22:22.461root 11241100x80000000000000004286464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18abd7b81884c5e92022-01-04 14:22:22.463root 11241100x80000000000000004286465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b6903876c8f48f2022-01-04 14:22:22.463root 11241100x80000000000000004286466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdeab3e7e2bc8cc2022-01-04 14:22:22.464root 11241100x80000000000000004286467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9149ae7af2a5a1942022-01-04 14:22:22.464root 11241100x80000000000000004286468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dab814cfb1a9222022-01-04 14:22:22.464root 11241100x80000000000000004286469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af338ff3a22c843f2022-01-04 14:22:22.464root 11241100x80000000000000004286470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfce344024f2a2732022-01-04 14:22:22.464root 11241100x80000000000000004286471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8c6a10ea3c6bff2022-01-04 14:22:22.464root 11241100x80000000000000004286472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a9baf8860270c62022-01-04 14:22:22.959root 11241100x80000000000000004286473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b8bd64100a8c1b2022-01-04 14:22:22.959root 11241100x80000000000000004286474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eabbf93788c8d42022-01-04 14:22:22.959root 11241100x80000000000000004286475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb089bf7c8f1b8b12022-01-04 14:22:22.959root 11241100x80000000000000004286476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd6cec653463e2a2022-01-04 14:22:22.960root 11241100x80000000000000004286477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2894ad1ce6081ab62022-01-04 14:22:22.960root 11241100x80000000000000004286478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af49f0dde15d2052022-01-04 14:22:22.960root 11241100x80000000000000004286479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e70bcc5c71d77a42022-01-04 14:22:22.960root 11241100x80000000000000004286480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f9cdb94a856f362022-01-04 14:22:22.960root 11241100x80000000000000004286481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26477dca7228c0742022-01-04 14:22:22.960root 11241100x80000000000000004286482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d66bffe18ba5be02022-01-04 14:22:22.961root 11241100x80000000000000004286483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc08e38928431fd2022-01-04 14:22:22.961root 11241100x80000000000000004286484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f89ab0b37ff00b22022-01-04 14:22:22.961root 11241100x80000000000000004286485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8287a7a6344d529a2022-01-04 14:22:22.961root 11241100x80000000000000004286486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edb512ab3116f0e2022-01-04 14:22:22.961root 11241100x80000000000000004286487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc575d31d004d4f82022-01-04 14:22:22.961root 11241100x80000000000000004286488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5d4abab3069eb82022-01-04 14:22:22.961root 11241100x80000000000000004286489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b306c8f791800a602022-01-04 14:22:22.961root 11241100x80000000000000004286490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8446e59b5604b47a2022-01-04 14:22:22.961root 11241100x80000000000000004286491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dfe615e4ac5f602022-01-04 14:22:22.962root 11241100x80000000000000004286492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb12f14deb78fba2022-01-04 14:22:22.962root 11241100x80000000000000004286493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a695ef658e5612022-01-04 14:22:22.962root 11241100x80000000000000004286494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1770add7a5b81f2022-01-04 14:22:22.962root 11241100x80000000000000004286495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacd57b8df05fecc2022-01-04 14:22:22.962root 11241100x80000000000000004286496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898927722143a0062022-01-04 14:22:22.962root 11241100x80000000000000004286497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43726f62bdb316ac2022-01-04 14:22:22.962root 11241100x80000000000000004286498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a6b53bac050b7a2022-01-04 14:22:22.962root 11241100x80000000000000004286499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236c02f89977f6812022-01-04 14:22:22.962root 11241100x80000000000000004286500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6294fd880f4f2c492022-01-04 14:22:22.962root 11241100x80000000000000004286501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df207c51bab5deb42022-01-04 14:22:22.962root 11241100x80000000000000004286502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4d5d6a848a17d32022-01-04 14:22:22.962root 11241100x80000000000000004286503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4863bd50a777effd2022-01-04 14:22:22.962root 11241100x80000000000000004286504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe934eaf301447e2022-01-04 14:22:23.459root 11241100x80000000000000004286505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9916716b69017ba52022-01-04 14:22:23.460root 11241100x80000000000000004286506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593e3ffe1f2d87ce2022-01-04 14:22:23.460root 11241100x80000000000000004286507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52417caee0bfda1d2022-01-04 14:22:23.460root 11241100x80000000000000004286508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00ed766b48a0f182022-01-04 14:22:23.460root 11241100x80000000000000004286509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1270e9340ece262022-01-04 14:22:23.460root 11241100x80000000000000004286510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f2dcd2e4fd60052022-01-04 14:22:23.460root 11241100x80000000000000004286511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11948dabbe81582e2022-01-04 14:22:23.460root 11241100x80000000000000004286512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1817f2d8b17975a82022-01-04 14:22:23.460root 11241100x80000000000000004286513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95de985e556885272022-01-04 14:22:23.460root 11241100x80000000000000004286514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5355b8deaea8e2812022-01-04 14:22:23.460root 11241100x80000000000000004286515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5150bf4e1a65901a2022-01-04 14:22:23.461root 11241100x80000000000000004286516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee07aef31672ca782022-01-04 14:22:23.461root 11241100x80000000000000004286517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397659fa35a5f2a62022-01-04 14:22:23.461root 11241100x80000000000000004286518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dcefce3dd72dfc2022-01-04 14:22:23.461root 11241100x80000000000000004286519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56edb4e16a072f02022-01-04 14:22:23.461root 11241100x80000000000000004286520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a076b1f56ae9422022-01-04 14:22:23.461root 11241100x80000000000000004286521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf82d44d6b4ca212022-01-04 14:22:23.461root 11241100x80000000000000004286522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28c134ff179a88a2022-01-04 14:22:23.461root 11241100x80000000000000004286523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7df73fe5a546432022-01-04 14:22:23.461root 11241100x80000000000000004286524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31781516d46d9cd92022-01-04 14:22:23.461root 11241100x80000000000000004286525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dd9764d403dc542022-01-04 14:22:23.462root 11241100x80000000000000004286526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cec3c3c97906b72022-01-04 14:22:23.462root 11241100x80000000000000004286527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bfcce5775615032022-01-04 14:22:23.462root 11241100x80000000000000004286528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13883bf744f64832022-01-04 14:22:23.462root 11241100x80000000000000004286529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b47ef33a2dd0662022-01-04 14:22:23.462root 11241100x80000000000000004286530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1482378b6fb1e2432022-01-04 14:22:23.462root 11241100x80000000000000004286531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64ca88db01d99892022-01-04 14:22:23.959root 11241100x80000000000000004286532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dd97b72b66142e2022-01-04 14:22:23.960root 11241100x80000000000000004286533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99499ca7107a3aa42022-01-04 14:22:23.960root 11241100x80000000000000004286534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04985bf261c480b42022-01-04 14:22:23.960root 11241100x80000000000000004286535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958f73d3cba9ec192022-01-04 14:22:23.960root 11241100x80000000000000004286536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f539a82dff9169502022-01-04 14:22:23.960root 11241100x80000000000000004286537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5787d68c5245fb0b2022-01-04 14:22:23.960root 11241100x80000000000000004286538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33304bc6057368fd2022-01-04 14:22:23.960root 11241100x80000000000000004286539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef3084d47981ca72022-01-04 14:22:23.960root 11241100x80000000000000004286540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b5fed563f6d0382022-01-04 14:22:23.960root 11241100x80000000000000004286541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c41092db71fc5c2022-01-04 14:22:23.960root 11241100x80000000000000004286542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99edefa3b2ccbe512022-01-04 14:22:23.960root 11241100x80000000000000004286543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3eadc3aad04ddd2022-01-04 14:22:23.961root 11241100x80000000000000004286544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0228a9355468db862022-01-04 14:22:23.961root 11241100x80000000000000004286545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ad000a6947fa6c2022-01-04 14:22:23.961root 11241100x80000000000000004286546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a283dce06925002022-01-04 14:22:23.961root 11241100x80000000000000004286547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6c19d8619f8e132022-01-04 14:22:23.961root 11241100x80000000000000004286548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ec48e6134505dc2022-01-04 14:22:23.961root 11241100x80000000000000004286549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1944a5b96768aa52022-01-04 14:22:23.961root 11241100x80000000000000004286550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd029763a9184b2022-01-04 14:22:23.961root 11241100x80000000000000004286551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00f2127f67cfccf2022-01-04 14:22:23.961root 11241100x80000000000000004286552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec65b078ca10bb52022-01-04 14:22:23.962root 11241100x80000000000000004286553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf78040251f24f02022-01-04 14:22:23.962root 11241100x80000000000000004286554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bc59f149b110652022-01-04 14:22:23.962root 11241100x80000000000000004286555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7681bf5910218aec2022-01-04 14:22:23.962root 11241100x80000000000000004286556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb87685c3d3f871f2022-01-04 14:22:23.962root 11241100x80000000000000004286557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:23.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75e7103538798982022-01-04 14:22:23.962root 11241100x80000000000000004286558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8614d5f1b3df018f2022-01-04 14:22:24.459root 11241100x80000000000000004286559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bed3ecf63e9d742022-01-04 14:22:24.459root 11241100x80000000000000004286560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cac76169e7fa822022-01-04 14:22:24.459root 11241100x80000000000000004286561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e6be38e82d54c12022-01-04 14:22:24.459root 11241100x80000000000000004286562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4be1c1e468f58c62022-01-04 14:22:24.460root 11241100x80000000000000004286563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7501525003115e2022-01-04 14:22:24.460root 11241100x80000000000000004286564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd1439c79336ca62022-01-04 14:22:24.460root 11241100x80000000000000004286565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d685598f7ef266222022-01-04 14:22:24.460root 11241100x80000000000000004286566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1a1b4fcd95b9e02022-01-04 14:22:24.460root 11241100x80000000000000004286567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3efee6e51a24d72022-01-04 14:22:24.460root 11241100x80000000000000004286568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f93474ea28f6c442022-01-04 14:22:24.460root 11241100x80000000000000004286569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab831dd746e7bac2022-01-04 14:22:24.460root 11241100x80000000000000004286570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69831a2dd35a84b82022-01-04 14:22:24.460root 11241100x80000000000000004286571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85abbac535a2fed2022-01-04 14:22:24.460root 11241100x80000000000000004286572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13304ac51284c5db2022-01-04 14:22:24.461root 11241100x80000000000000004286573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6891f477d86e0f382022-01-04 14:22:24.461root 11241100x80000000000000004286574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f241177798cfa42022-01-04 14:22:24.461root 11241100x80000000000000004286575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28b27c1fcaeff242022-01-04 14:22:24.461root 11241100x80000000000000004286576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf9983c55def34f2022-01-04 14:22:24.461root 11241100x80000000000000004286577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c583bcec49485ed2022-01-04 14:22:24.461root 11241100x80000000000000004286578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deab1386e5d94202022-01-04 14:22:24.461root 11241100x80000000000000004286579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb806a329deee9452022-01-04 14:22:24.461root 11241100x80000000000000004286580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5542d98006f01e6f2022-01-04 14:22:24.461root 11241100x80000000000000004286581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fb52f25fc3e17a2022-01-04 14:22:24.462root 11241100x80000000000000004286582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffb07eadb41c0812022-01-04 14:22:24.462root 11241100x80000000000000004286583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b680db76ab39e52022-01-04 14:22:24.462root 11241100x80000000000000004286584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baae090dc05c5ba82022-01-04 14:22:24.462root 11241100x80000000000000004286585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0061e468dea29522022-01-04 14:22:24.462root 11241100x80000000000000004286586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4b641f214bbc1f2022-01-04 14:22:24.462root 11241100x80000000000000004286587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d71540771e7b4ba2022-01-04 14:22:24.462root 11241100x80000000000000004286588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df184f2271029932022-01-04 14:22:24.462root 11241100x80000000000000004286589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2644482419f0bdf2022-01-04 14:22:24.462root 11241100x80000000000000004286590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f884c7c75b553a292022-01-04 14:22:24.462root 11241100x80000000000000004286591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef40f68d6d32abc72022-01-04 14:22:24.463root 11241100x80000000000000004286592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf94b0014a6de482022-01-04 14:22:24.463root 11241100x80000000000000004286593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbde1911e98cad7f2022-01-04 14:22:24.463root 11241100x80000000000000004286594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822a09b3ae9b907c2022-01-04 14:22:24.463root 11241100x80000000000000004286595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00f72f9f55a1cfd2022-01-04 14:22:24.463root 11241100x80000000000000004286596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405033192e2e422e2022-01-04 14:22:24.463root 11241100x80000000000000004286597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57d44224feeefd82022-01-04 14:22:24.463root 11241100x80000000000000004286598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a5eb38b84508f42022-01-04 14:22:24.959root 11241100x80000000000000004286599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a86e98adbb02d732022-01-04 14:22:24.959root 11241100x80000000000000004286600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99ac80318a13e2b2022-01-04 14:22:24.959root 11241100x80000000000000004286601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39a379492ca5f652022-01-04 14:22:24.959root 11241100x80000000000000004286602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c702cf96f30d8b2022-01-04 14:22:24.959root 11241100x80000000000000004286603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955a7f0dffc50a522022-01-04 14:22:24.960root 11241100x80000000000000004286604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a72cfd38cc493f2022-01-04 14:22:24.960root 11241100x80000000000000004286605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9736ef668f736eb42022-01-04 14:22:24.960root 11241100x80000000000000004286606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864159756a0b75752022-01-04 14:22:24.960root 11241100x80000000000000004286607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fbb87c457eeee12022-01-04 14:22:24.960root 11241100x80000000000000004286608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30a4fc3c1609c6f2022-01-04 14:22:24.960root 11241100x80000000000000004286609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ecea2726258fad2022-01-04 14:22:24.960root 11241100x80000000000000004286610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3e9fd4ecf78d452022-01-04 14:22:24.961root 11241100x80000000000000004286611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b5feccb50d5d4c2022-01-04 14:22:24.961root 11241100x80000000000000004286612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1e20b9089857762022-01-04 14:22:24.961root 11241100x80000000000000004286613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f87ffadb6d56b2e2022-01-04 14:22:24.961root 11241100x80000000000000004286614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01b81d17717039f2022-01-04 14:22:24.961root 11241100x80000000000000004286615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f143de6d19b67d2022-01-04 14:22:24.961root 11241100x80000000000000004286616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925518a203a764452022-01-04 14:22:24.961root 11241100x80000000000000004286617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f410b4d21000d962022-01-04 14:22:24.961root 11241100x80000000000000004286618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487d5e3e7f155fe62022-01-04 14:22:24.961root 11241100x80000000000000004286619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a66a3c7b27b02352022-01-04 14:22:24.961root 11241100x80000000000000004286620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209f9cd2058525fa2022-01-04 14:22:24.962root 11241100x80000000000000004286621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0b5b024012ecc72022-01-04 14:22:24.962root 11241100x80000000000000004286622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c50ec778d66d9e2022-01-04 14:22:24.962root 11241100x80000000000000004286623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986cfa3dcf6424a2022-01-04 14:22:24.962root 11241100x80000000000000004286624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3ccb02ffa6be722022-01-04 14:22:24.962root 11241100x80000000000000004286625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5916eaa6134142e32022-01-04 14:22:24.962root 11241100x80000000000000004286626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6993bc33481e72882022-01-04 14:22:24.962root 11241100x80000000000000004286627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dbbde9e0912ab62022-01-04 14:22:24.962root 11241100x80000000000000004286628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bd05ed06c6d7982022-01-04 14:22:24.962root 11241100x80000000000000004286629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2618cc37cef90e02022-01-04 14:22:24.962root 11241100x80000000000000004286630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55be50841475969a2022-01-04 14:22:24.962root 11241100x80000000000000004286631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdf2a4e52f48f5e2022-01-04 14:22:24.962root 11241100x80000000000000004286632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7652c57647d65b632022-01-04 14:22:24.962root 11241100x80000000000000004286633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c021eae0adb05a2c2022-01-04 14:22:24.963root 11241100x80000000000000004286634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c91963bd6a6c47e2022-01-04 14:22:24.963root 11241100x80000000000000004286635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:24.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbaf9540bb3b7402022-01-04 14:22:24.963root 11241100x80000000000000004286636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6c62a02f5d7fd52022-01-04 14:22:25.459root 11241100x80000000000000004286637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caead81639acebed2022-01-04 14:22:25.460root 11241100x80000000000000004286638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a8b8d0d22228472022-01-04 14:22:25.460root 11241100x80000000000000004286639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ff4859f5c12de2022-01-04 14:22:25.460root 11241100x80000000000000004286640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fc11a0f147d5672022-01-04 14:22:25.460root 11241100x80000000000000004286641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57ba40924ca15d82022-01-04 14:22:25.460root 11241100x80000000000000004286642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0508f818ed024952022-01-04 14:22:25.460root 11241100x80000000000000004286643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00a21c0ec76cc8f2022-01-04 14:22:25.460root 11241100x80000000000000004286644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fa14f933b75a602022-01-04 14:22:25.460root 11241100x80000000000000004286645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584cb6f8cf3bc6472022-01-04 14:22:25.460root 11241100x80000000000000004286646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41261212e7a4011c2022-01-04 14:22:25.460root 11241100x80000000000000004286647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38b11e15290ee8d2022-01-04 14:22:25.461root 11241100x80000000000000004286648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ba8f70a86b5a382022-01-04 14:22:25.461root 11241100x80000000000000004286649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7aedb0389e0e442022-01-04 14:22:25.461root 11241100x80000000000000004286650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0f7e433a93903b2022-01-04 14:22:25.461root 11241100x80000000000000004286651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5bb694e35c6ef72022-01-04 14:22:25.461root 11241100x80000000000000004286652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951b61fe0af92a0d2022-01-04 14:22:25.461root 11241100x80000000000000004286653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fdf1a7687a1a762022-01-04 14:22:25.461root 11241100x80000000000000004286654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45b042df54331e02022-01-04 14:22:25.461root 11241100x80000000000000004286655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c072dd66d74bad2022-01-04 14:22:25.461root 11241100x80000000000000004286656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406f2b7527393e452022-01-04 14:22:25.462root 11241100x80000000000000004286657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ae799ac191d1712022-01-04 14:22:25.462root 11241100x80000000000000004286658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd08c164c2d94722022-01-04 14:22:25.462root 11241100x80000000000000004286659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5977be937f1d9f52022-01-04 14:22:25.462root 11241100x80000000000000004286660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180734a8a93c8942022-01-04 14:22:25.462root 11241100x80000000000000004286661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ed07bf14348d802022-01-04 14:22:25.462root 11241100x80000000000000004286662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375d826fbdc7ca822022-01-04 14:22:25.462root 11241100x80000000000000004286663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536c43142b46e2692022-01-04 14:22:25.960root 11241100x80000000000000004286664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d849b3219a46a5022022-01-04 14:22:25.960root 11241100x80000000000000004286665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d360cd063152bacb2022-01-04 14:22:25.960root 11241100x80000000000000004286666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c2bac5e444e6182022-01-04 14:22:25.960root 11241100x80000000000000004286667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc423574e45676e2022-01-04 14:22:25.960root 11241100x80000000000000004286668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa624b29e1e614f2022-01-04 14:22:25.960root 11241100x80000000000000004286669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1502b8945f9852b62022-01-04 14:22:25.960root 11241100x80000000000000004286670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ce56946afe5cea2022-01-04 14:22:25.960root 11241100x80000000000000004286671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9887b916d38f028e2022-01-04 14:22:25.961root 11241100x80000000000000004286672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ecab411653b12b2022-01-04 14:22:25.961root 11241100x80000000000000004286673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2746d6f56f30cf42022-01-04 14:22:25.961root 11241100x80000000000000004286674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557c14b5b4e8c2f62022-01-04 14:22:25.961root 11241100x80000000000000004286675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf4832ce9059aa02022-01-04 14:22:25.961root 11241100x80000000000000004286676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d375f937b47a3aa2022-01-04 14:22:25.961root 11241100x80000000000000004286677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5695848222ed57352022-01-04 14:22:25.962root 11241100x80000000000000004286678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5290ecfa8534e5f22022-01-04 14:22:25.962root 11241100x80000000000000004286679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964d7c625c484192022-01-04 14:22:25.962root 11241100x80000000000000004286680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc98c4598ec8a4e2022-01-04 14:22:25.962root 11241100x80000000000000004286681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c994c7a6f075d532022-01-04 14:22:25.962root 11241100x80000000000000004286682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32ba0561e13537b2022-01-04 14:22:25.962root 11241100x80000000000000004286683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7afb5c49232acc52022-01-04 14:22:25.963root 11241100x80000000000000004286684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ecfd51129f2d812022-01-04 14:22:25.963root 11241100x80000000000000004286685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0f0a7c53e8830e2022-01-04 14:22:25.963root 11241100x80000000000000004286686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d97c3065ee8801e2022-01-04 14:22:25.963root 11241100x80000000000000004286687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737ff7d0288d3d032022-01-04 14:22:25.963root 11241100x80000000000000004286688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a9287fcad7398c2022-01-04 14:22:25.963root 11241100x80000000000000004286689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7108e07ae6aed07d2022-01-04 14:22:25.963root 354300x80000000000000004286690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.106{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41598-false10.0.1.12-8000- 11241100x80000000000000004286691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e5b804349c13e02022-01-04 14:22:26.460root 11241100x80000000000000004286692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f7d5eeeec31f52022-01-04 14:22:26.460root 11241100x80000000000000004286693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b98f205eecbe162022-01-04 14:22:26.460root 11241100x80000000000000004286694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a702a04f11a3f42022-01-04 14:22:26.460root 11241100x80000000000000004286695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d638a8f819a2f5342022-01-04 14:22:26.461root 11241100x80000000000000004286696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6150b1422d3991b22022-01-04 14:22:26.461root 11241100x80000000000000004286697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d23e40f71694b42022-01-04 14:22:26.461root 11241100x80000000000000004286698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feecd1bb3e05a8892022-01-04 14:22:26.461root 11241100x80000000000000004286699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96c1aefe0dccde62022-01-04 14:22:26.461root 11241100x80000000000000004286700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e99439c63305dc2022-01-04 14:22:26.462root 11241100x80000000000000004286701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0222bd179dad96e12022-01-04 14:22:26.462root 11241100x80000000000000004286702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d280153ca21cea2022-01-04 14:22:26.462root 11241100x80000000000000004286703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dcd83ace7fcfdb2022-01-04 14:22:26.462root 11241100x80000000000000004286704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee7a84d019b1bf02022-01-04 14:22:26.462root 11241100x80000000000000004286705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dffcd4e5263196c2022-01-04 14:22:26.462root 11241100x80000000000000004286706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1bc2392ea901722022-01-04 14:22:26.463root 11241100x80000000000000004286707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f3656023a088802022-01-04 14:22:26.463root 11241100x80000000000000004286708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884045d019bd208b2022-01-04 14:22:26.463root 11241100x80000000000000004286709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca397dc3acd367e2022-01-04 14:22:26.463root 11241100x80000000000000004286710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadcc43a67b690382022-01-04 14:22:26.463root 11241100x80000000000000004286711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f75c098a0f9f162022-01-04 14:22:26.463root 11241100x80000000000000004286712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d6640b84fb42252022-01-04 14:22:26.463root 11241100x80000000000000004286713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4958eea2fc3b223d2022-01-04 14:22:26.464root 11241100x80000000000000004286714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782c2338f622ae5c2022-01-04 14:22:26.464root 11241100x80000000000000004286715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42db4a5c20afab72022-01-04 14:22:26.464root 11241100x80000000000000004286716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb8528b7bdcea272022-01-04 14:22:26.464root 11241100x80000000000000004286717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d3fc44fdca9c702022-01-04 14:22:26.465root 11241100x80000000000000004286718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcdd2db11ef88cc2022-01-04 14:22:26.465root 11241100x80000000000000004286719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28503ef70d146dcf2022-01-04 14:22:26.465root 11241100x80000000000000004286720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138dd93a83dbf4442022-01-04 14:22:26.960root 11241100x80000000000000004286721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdca67ba9e07ee32022-01-04 14:22:26.960root 11241100x80000000000000004286722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa54f16def531562022-01-04 14:22:26.961root 11241100x80000000000000004286723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d16fbe3cef046d32022-01-04 14:22:26.961root 11241100x80000000000000004286724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257333218de500bc2022-01-04 14:22:26.961root 11241100x80000000000000004286725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bfcf69dbd560362022-01-04 14:22:26.961root 11241100x80000000000000004286726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec8dccb756ddb6b2022-01-04 14:22:26.961root 11241100x80000000000000004286727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a942d862d5dd6e72022-01-04 14:22:26.961root 11241100x80000000000000004286728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79671548b6fb83ad2022-01-04 14:22:26.961root 11241100x80000000000000004286729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c211b3935dfbd32022-01-04 14:22:26.961root 11241100x80000000000000004286730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24622d2d75adf1e92022-01-04 14:22:26.961root 11241100x80000000000000004286731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4fa852bd71593c2022-01-04 14:22:26.962root 11241100x80000000000000004286732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1040dbf02204dd2022-01-04 14:22:26.962root 11241100x80000000000000004286733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0641eae98d532b282022-01-04 14:22:26.962root 11241100x80000000000000004286734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6f546a237f8c682022-01-04 14:22:26.962root 11241100x80000000000000004286735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6593bcfa14a8b0f82022-01-04 14:22:26.962root 11241100x80000000000000004286736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dbaad42453e77f2022-01-04 14:22:26.962root 11241100x80000000000000004286737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2317c4121673ffb2022-01-04 14:22:26.962root 11241100x80000000000000004286738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd63df6fa561484a2022-01-04 14:22:26.962root 11241100x80000000000000004286739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c002ff0138bb4262022-01-04 14:22:26.962root 11241100x80000000000000004286740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a3e074e2f7eb882022-01-04 14:22:26.962root 11241100x80000000000000004286741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5401063e5fa9352022-01-04 14:22:26.963root 11241100x80000000000000004286742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d806a208c2a89ea2022-01-04 14:22:26.963root 11241100x80000000000000004286743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4235428abb2d62f82022-01-04 14:22:26.963root 11241100x80000000000000004286744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1175d764ca9680b92022-01-04 14:22:26.963root 11241100x80000000000000004286745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a1752bc36b2fd52022-01-04 14:22:26.963root 11241100x80000000000000004286746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf73d7d8f8736532022-01-04 14:22:26.963root 11241100x80000000000000004286747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e694b35a7f86702022-01-04 14:22:26.963root 354300x80000000000000004286748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.150{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42080-false10.0.1.12-8089- 11241100x80000000000000004286749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c416197153fa9d2022-01-04 14:22:27.460root 11241100x80000000000000004286750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89efa2cb6626ae742022-01-04 14:22:27.460root 11241100x80000000000000004286751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66556ac8448239c2022-01-04 14:22:27.460root 11241100x80000000000000004286752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e2d5e5af1678742022-01-04 14:22:27.460root 11241100x80000000000000004286753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecdb8a1f0b80af42022-01-04 14:22:27.460root 11241100x80000000000000004286754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50da5004190c52ab2022-01-04 14:22:27.460root 11241100x80000000000000004286755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf8e09b1b6c5a152022-01-04 14:22:27.460root 11241100x80000000000000004286756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11f521c2ed9dd362022-01-04 14:22:27.460root 11241100x80000000000000004286757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a451f962272a297e2022-01-04 14:22:27.461root 11241100x80000000000000004286758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34590a82f2d43e562022-01-04 14:22:27.461root 11241100x80000000000000004286759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d82f0f2c82372c2022-01-04 14:22:27.461root 11241100x80000000000000004286760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5ab171538926122022-01-04 14:22:27.461root 11241100x80000000000000004286761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8182d2fa92619dde2022-01-04 14:22:27.461root 11241100x80000000000000004286762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718a2b491c55e1d42022-01-04 14:22:27.461root 11241100x80000000000000004286763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f1df5f74d9c1d82022-01-04 14:22:27.461root 11241100x80000000000000004286764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a92f5d66ab335bf2022-01-04 14:22:27.461root 11241100x80000000000000004286765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a119b4410e0050d32022-01-04 14:22:27.461root 11241100x80000000000000004286766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914a8ef41106a3022022-01-04 14:22:27.462root 11241100x80000000000000004286767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f9cb4bdee1cf512022-01-04 14:22:27.462root 11241100x80000000000000004286768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa801bbaaf0d2a2022-01-04 14:22:27.462root 11241100x80000000000000004286769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8980a35dd2dcbd2022-01-04 14:22:27.462root 11241100x80000000000000004286770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3154bc22d034502022-01-04 14:22:27.462root 11241100x80000000000000004286771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09ffcdbc7178c262022-01-04 14:22:27.462root 11241100x80000000000000004286772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672bd5b61216a3112022-01-04 14:22:27.462root 11241100x80000000000000004286773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2695f7476b7e8a2022-01-04 14:22:27.462root 11241100x80000000000000004286774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def1a54f265327dc2022-01-04 14:22:27.462root 11241100x80000000000000004286775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6849635e80e498232022-01-04 14:22:27.462root 11241100x80000000000000004286776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004b33dbdb364e9e2022-01-04 14:22:27.463root 11241100x80000000000000004286777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0745e78656110cbd2022-01-04 14:22:27.463root 11241100x80000000000000004286778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99da139175f2c9bd2022-01-04 14:22:27.960root 11241100x80000000000000004286779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c6aa25f05af3e12022-01-04 14:22:27.960root 11241100x80000000000000004286780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48b7721e3a78c482022-01-04 14:22:27.960root 11241100x80000000000000004286781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e82d5313c438e52022-01-04 14:22:27.960root 11241100x80000000000000004286782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957b0bfc2ae6e0c82022-01-04 14:22:27.960root 11241100x80000000000000004286783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7836c3346845912022-01-04 14:22:27.960root 11241100x80000000000000004286784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adfe7609cca6d4a2022-01-04 14:22:27.960root 11241100x80000000000000004286785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca751e1894b39ea92022-01-04 14:22:27.961root 11241100x80000000000000004286786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f246db718e0be1542022-01-04 14:22:27.961root 11241100x80000000000000004286787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154ba97eef50d5492022-01-04 14:22:27.961root 11241100x80000000000000004286788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46ce37b1cbbc7472022-01-04 14:22:27.961root 11241100x80000000000000004286789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16983ca9cb2a9b292022-01-04 14:22:27.961root 11241100x80000000000000004286790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbae98b8421f61ea2022-01-04 14:22:27.961root 11241100x80000000000000004286791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e46e510ac00eef2022-01-04 14:22:27.961root 11241100x80000000000000004286792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922a620b3f74d2db2022-01-04 14:22:27.961root 11241100x80000000000000004286793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438c5fe2648363ae2022-01-04 14:22:27.961root 11241100x80000000000000004286794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dff4c06bc13cce2022-01-04 14:22:27.962root 11241100x80000000000000004286795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c305c6b6a55eea42022-01-04 14:22:27.962root 11241100x80000000000000004286796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e2f8dc42105322022-01-04 14:22:27.962root 11241100x80000000000000004286797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c79c494cb35c8292022-01-04 14:22:27.962root 11241100x80000000000000004286798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8e362e4bbc9aa82022-01-04 14:22:27.962root 11241100x80000000000000004286799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173d3809a7ab95da2022-01-04 14:22:27.962root 11241100x80000000000000004286800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72de06655f73667f2022-01-04 14:22:27.962root 11241100x80000000000000004286801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb5b94bf9d144fd2022-01-04 14:22:27.962root 11241100x80000000000000004286802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e401aae53210e4e2022-01-04 14:22:27.963root 11241100x80000000000000004286803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176a42b4fa940d4f2022-01-04 14:22:27.963root 11241100x80000000000000004286804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4b4188fbfc84242022-01-04 14:22:27.963root 11241100x80000000000000004286805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851607cfd4e818632022-01-04 14:22:27.963root 11241100x80000000000000004286806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:27.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1266e5f85c90ebc2022-01-04 14:22:27.963root 11241100x80000000000000004286807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a87c1b4fdae0f82022-01-04 14:22:28.459root 11241100x80000000000000004286808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f557470721e68c952022-01-04 14:22:28.459root 11241100x80000000000000004286809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b892e4fbbaba90c62022-01-04 14:22:28.459root 11241100x80000000000000004286810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaa14e51e22629f2022-01-04 14:22:28.459root 11241100x80000000000000004286811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d86f674ab379ef2022-01-04 14:22:28.459root 11241100x80000000000000004286812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60af3bb4264b91ff2022-01-04 14:22:28.460root 11241100x80000000000000004286813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb2381a8098dbf22022-01-04 14:22:28.460root 11241100x80000000000000004286814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52411740336c923c2022-01-04 14:22:28.460root 11241100x80000000000000004286815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b1c7210c1c9aa52022-01-04 14:22:28.460root 11241100x80000000000000004286816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51f0e2fe620cf352022-01-04 14:22:28.460root 11241100x80000000000000004286817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046f9ffb83c9bb602022-01-04 14:22:28.460root 11241100x80000000000000004286818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc650968616180b52022-01-04 14:22:28.460root 11241100x80000000000000004286819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4503ff4d5784432022-01-04 14:22:28.460root 11241100x80000000000000004286820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98229d3d8ae08db22022-01-04 14:22:28.460root 11241100x80000000000000004286821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1db8cc3b3bd7432022-01-04 14:22:28.461root 11241100x80000000000000004286822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbf244e018ced682022-01-04 14:22:28.461root 11241100x80000000000000004286823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f38074a81bd0462022-01-04 14:22:28.461root 11241100x80000000000000004286824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9100a987d7011322022-01-04 14:22:28.461root 11241100x80000000000000004286825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a40b404845743c2022-01-04 14:22:28.461root 11241100x80000000000000004286826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2f2769439409032022-01-04 14:22:28.461root 11241100x80000000000000004286827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7468ad8130dc63dc2022-01-04 14:22:28.461root 11241100x80000000000000004286828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56edf242ce861f0d2022-01-04 14:22:28.461root 11241100x80000000000000004286829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f405b06f41707a52022-01-04 14:22:28.461root 11241100x80000000000000004286830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c24e65029be8b8a2022-01-04 14:22:28.461root 11241100x80000000000000004286831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92e5a135d0a5f032022-01-04 14:22:28.462root 11241100x80000000000000004286832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b005a9c4c5ae1ea2022-01-04 14:22:28.462root 11241100x80000000000000004286833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733973ef19d348022022-01-04 14:22:28.463root 11241100x80000000000000004286834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28882fc0c1b9e2912022-01-04 14:22:28.463root 11241100x80000000000000004286835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d348c2bfef23109e2022-01-04 14:22:28.463root 11241100x80000000000000004286836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e16ccc8f5a9ed972022-01-04 14:22:28.463root 11241100x80000000000000004286837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e086efd50b1f5f762022-01-04 14:22:28.463root 11241100x80000000000000004286838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8922f894f3564b9a2022-01-04 14:22:28.463root 11241100x80000000000000004286839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c014ede68535832022-01-04 14:22:28.463root 11241100x80000000000000004286840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cad276f4182e852022-01-04 14:22:28.463root 11241100x80000000000000004286841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130ce2d37ea75f6d2022-01-04 14:22:28.463root 11241100x80000000000000004286842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2686b0e96457eb862022-01-04 14:22:28.464root 11241100x80000000000000004286843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a29e0693092244d2022-01-04 14:22:28.464root 11241100x80000000000000004286844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3d08e494d80c372022-01-04 14:22:28.960root 11241100x80000000000000004286845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0223640346efb92c2022-01-04 14:22:28.960root 11241100x80000000000000004286846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3769f63f333b482022-01-04 14:22:28.960root 11241100x80000000000000004286847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e8c149fbf692a22022-01-04 14:22:28.960root 11241100x80000000000000004286848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2559326997cf26522022-01-04 14:22:28.960root 11241100x80000000000000004286849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda4de5d16c5ec7d2022-01-04 14:22:28.960root 11241100x80000000000000004286850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bd4b983d739e5f2022-01-04 14:22:28.960root 11241100x80000000000000004286851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa28eaf386ff615d2022-01-04 14:22:28.960root 11241100x80000000000000004286852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1d894430c913bd2022-01-04 14:22:28.961root 11241100x80000000000000004286853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150f7706de969b462022-01-04 14:22:28.961root 11241100x80000000000000004286854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2032df1c6e9f4dd2022-01-04 14:22:28.961root 11241100x80000000000000004286855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15f34cc8cde8a412022-01-04 14:22:28.961root 11241100x80000000000000004286856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccd8a729dce0e862022-01-04 14:22:28.961root 11241100x80000000000000004286857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5797e6a887c68a5b2022-01-04 14:22:28.961root 11241100x80000000000000004286858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced4265acf6e88182022-01-04 14:22:28.961root 11241100x80000000000000004286859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054263f6a15f00022022-01-04 14:22:28.961root 11241100x80000000000000004286860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bad07b7e035015f2022-01-04 14:22:28.961root 11241100x80000000000000004286861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2daaf8e976470db12022-01-04 14:22:28.962root 11241100x80000000000000004286862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d782a67a75483452022-01-04 14:22:28.962root 11241100x80000000000000004286863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4e3b5fc602c1fd2022-01-04 14:22:28.962root 11241100x80000000000000004286864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f51f092d961aa62022-01-04 14:22:28.962root 11241100x80000000000000004286865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381b20849337304a2022-01-04 14:22:28.962root 11241100x80000000000000004286866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b244411b1115b92022-01-04 14:22:28.962root 11241100x80000000000000004286867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93f6c418aa1e7792022-01-04 14:22:28.962root 11241100x80000000000000004286868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b794f27657e8c6f2022-01-04 14:22:28.962root 11241100x80000000000000004286869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f478112f78e9eec2022-01-04 14:22:28.962root 11241100x80000000000000004286870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81fc5b6f0d6cbcd2022-01-04 14:22:28.963root 11241100x80000000000000004286871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6ebd023f5b350b2022-01-04 14:22:28.963root 11241100x80000000000000004286872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:28.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb4d3cb0c50b1a02022-01-04 14:22:28.963root 11241100x80000000000000004286873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048980b1ce565c002022-01-04 14:22:29.459root 11241100x80000000000000004286874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeaa12deb9436062022-01-04 14:22:29.459root 11241100x80000000000000004286875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f3d8d8689f315b2022-01-04 14:22:29.459root 11241100x80000000000000004286876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0a2bbcd6cc5bf02022-01-04 14:22:29.460root 11241100x80000000000000004286877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cfc58dbc4637252022-01-04 14:22:29.460root 11241100x80000000000000004286878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b89de33c25c4c402022-01-04 14:22:29.460root 11241100x80000000000000004286879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc1bf815195e5b02022-01-04 14:22:29.460root 11241100x80000000000000004286880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f462dd460362cc92022-01-04 14:22:29.461root 11241100x80000000000000004286881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a206452530b401652022-01-04 14:22:29.461root 11241100x80000000000000004286882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b313eba2fbda11362022-01-04 14:22:29.461root 11241100x80000000000000004286883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f2bd4fb77402072022-01-04 14:22:29.461root 11241100x80000000000000004286884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d8fd966bd91bf52022-01-04 14:22:29.461root 11241100x80000000000000004286885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3096bf4868f7742022-01-04 14:22:29.461root 11241100x80000000000000004286886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eedc6d0581b7b02022-01-04 14:22:29.461root 11241100x80000000000000004286887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6080dcca721c3f2022-01-04 14:22:29.461root 11241100x80000000000000004286888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614f32d228e2fdb32022-01-04 14:22:29.462root 11241100x80000000000000004286889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2ed1d4feefbad32022-01-04 14:22:29.462root 11241100x80000000000000004286890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388b0863a187e1fb2022-01-04 14:22:29.462root 11241100x80000000000000004286891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ae88646131ad562022-01-04 14:22:29.462root 11241100x80000000000000004286892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fa0d34c0951fad2022-01-04 14:22:29.462root 11241100x80000000000000004286893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ae99c447c1de7a2022-01-04 14:22:29.462root 11241100x80000000000000004286894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c9ec79174ff27f2022-01-04 14:22:29.462root 11241100x80000000000000004286895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f646a2807196fbf2022-01-04 14:22:29.462root 11241100x80000000000000004286896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae08e5d4491282b92022-01-04 14:22:29.462root 11241100x80000000000000004286897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0c023de73bb49d2022-01-04 14:22:29.462root 11241100x80000000000000004286898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60a3a077d1631762022-01-04 14:22:29.462root 11241100x80000000000000004286899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a953c03fa9ac65a2022-01-04 14:22:29.462root 11241100x80000000000000004286900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5283ee3096c7562022-01-04 14:22:29.463root 11241100x80000000000000004286901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38244d8a79bb91752022-01-04 14:22:29.463root 11241100x80000000000000004286902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb452f7cd71ffdc2022-01-04 14:22:29.463root 11241100x80000000000000004286903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7dbabea734d41f2022-01-04 14:22:29.463root 11241100x80000000000000004286904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7ac6e5ae93d8972022-01-04 14:22:29.463root 11241100x80000000000000004286905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496494d54f283cd12022-01-04 14:22:29.463root 11241100x80000000000000004286906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de9134964e68e822022-01-04 14:22:29.463root 11241100x80000000000000004286907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d69a4ae153fe5f52022-01-04 14:22:29.463root 11241100x80000000000000004286908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2f2039291396042022-01-04 14:22:29.463root 11241100x80000000000000004286909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa37132bbc96fde32022-01-04 14:22:29.463root 11241100x80000000000000004286910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591f8e261310a9272022-01-04 14:22:29.463root 11241100x80000000000000004286911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a95514a836f4f82022-01-04 14:22:29.464root 11241100x80000000000000004286912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4d4ea5191250942022-01-04 14:22:29.464root 11241100x80000000000000004286913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1da9109975bd1d82022-01-04 14:22:29.464root 11241100x80000000000000004286914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6002254d0c27832022-01-04 14:22:29.464root 11241100x80000000000000004286915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bce71727f06e622022-01-04 14:22:29.464root 11241100x80000000000000004286916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7289129a9db652842022-01-04 14:22:29.960root 11241100x80000000000000004286917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d9f3219e9599b32022-01-04 14:22:29.960root 11241100x80000000000000004286918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124253f9a92c74cf2022-01-04 14:22:29.960root 11241100x80000000000000004286919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dc804b2c080f7c2022-01-04 14:22:29.960root 11241100x80000000000000004286920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e351e3a545d4a8e42022-01-04 14:22:29.960root 11241100x80000000000000004286921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04120a19e9439d612022-01-04 14:22:29.960root 11241100x80000000000000004286922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5111c26720dbb582022-01-04 14:22:29.960root 11241100x80000000000000004286923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7cfff4db16dff52022-01-04 14:22:29.960root 11241100x80000000000000004286924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bdea20a50f843b2022-01-04 14:22:29.960root 11241100x80000000000000004286925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db6c4839e12d3452022-01-04 14:22:29.960root 11241100x80000000000000004286926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97a4a505db4ec9b2022-01-04 14:22:29.961root 11241100x80000000000000004286927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af172d61212a34792022-01-04 14:22:29.961root 11241100x80000000000000004286928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d30605f3f648f1f2022-01-04 14:22:29.961root 11241100x80000000000000004286929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe7ef74163a6bfa2022-01-04 14:22:29.961root 11241100x80000000000000004286930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2989f28ebd0d7b2022-01-04 14:22:29.961root 11241100x80000000000000004286931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3014745822becba2022-01-04 14:22:29.961root 11241100x80000000000000004286932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dde3404704ea8192022-01-04 14:22:29.961root 11241100x80000000000000004286933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116bf1e91f5ce33d2022-01-04 14:22:29.961root 11241100x80000000000000004286934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9133ab60d98cce2022-01-04 14:22:29.962root 11241100x80000000000000004286935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6360c35b04fc18362022-01-04 14:22:29.962root 11241100x80000000000000004286936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad593bbaaee58702022-01-04 14:22:29.962root 11241100x80000000000000004286937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd47f4dcb3456052022-01-04 14:22:29.962root 11241100x80000000000000004286938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad99d8f070662f2c2022-01-04 14:22:29.962root 11241100x80000000000000004286939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798e2072385106692022-01-04 14:22:29.962root 11241100x80000000000000004286940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745535dfb376f81d2022-01-04 14:22:29.962root 11241100x80000000000000004286941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b341b8a50b3acb962022-01-04 14:22:29.962root 11241100x80000000000000004286942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef70dc053155eef42022-01-04 14:22:29.962root 11241100x80000000000000004286943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16369b0148dbde92022-01-04 14:22:29.963root 11241100x80000000000000004286944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7edc6728977f64e2022-01-04 14:22:29.963root 11241100x80000000000000004286945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbb44b6e9762cb32022-01-04 14:22:29.963root 11241100x80000000000000004286946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddbce9e1c26a0272022-01-04 14:22:30.460root 11241100x80000000000000004286947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033dae732ceecd512022-01-04 14:22:30.460root 11241100x80000000000000004286948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639c858727d636762022-01-04 14:22:30.460root 11241100x80000000000000004286949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0398f01d1244d362022-01-04 14:22:30.460root 11241100x80000000000000004286950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732de2fc58a740542022-01-04 14:22:30.460root 11241100x80000000000000004286951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510c291e9edcbe392022-01-04 14:22:30.460root 11241100x80000000000000004286952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd07ea5e33da567b2022-01-04 14:22:30.460root 11241100x80000000000000004286953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d773ec27bf9c70ab2022-01-04 14:22:30.460root 11241100x80000000000000004286954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e330c5ebc570fac2022-01-04 14:22:30.461root 11241100x80000000000000004286955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5133d3fb56d81dac2022-01-04 14:22:30.461root 11241100x80000000000000004286956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3118db4e41ea742022-01-04 14:22:30.461root 11241100x80000000000000004286957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fb6b231a51819c2022-01-04 14:22:30.461root 11241100x80000000000000004286958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bf8901d7325b792022-01-04 14:22:30.461root 11241100x80000000000000004286959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740cc2248974368f2022-01-04 14:22:30.461root 11241100x80000000000000004286960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a98cbba1908ae7d2022-01-04 14:22:30.461root 11241100x80000000000000004286961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe9f3e25789ea82022-01-04 14:22:30.461root 11241100x80000000000000004286962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950b22b5cb0b0ec82022-01-04 14:22:30.462root 11241100x80000000000000004286963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa33c43c43dd34b2022-01-04 14:22:30.462root 11241100x80000000000000004286964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf81794be379f372022-01-04 14:22:30.462root 11241100x80000000000000004286965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76803b01e1fc7e0d2022-01-04 14:22:30.462root 11241100x80000000000000004286966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58914964ec68d08f2022-01-04 14:22:30.462root 11241100x80000000000000004286967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aeb44b9bd93f9362022-01-04 14:22:30.462root 11241100x80000000000000004286968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa32ef1feff2f6b82022-01-04 14:22:30.462root 11241100x80000000000000004286969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38562d6db9a52712022-01-04 14:22:30.462root 11241100x80000000000000004286970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736e10d30b00c4de2022-01-04 14:22:30.462root 11241100x80000000000000004286971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f575c8659df5d1eb2022-01-04 14:22:30.462root 11241100x80000000000000004286972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33aef983d5ae086d2022-01-04 14:22:30.463root 11241100x80000000000000004286973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d41d0c845b49e662022-01-04 14:22:30.463root 11241100x80000000000000004286974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899826bcb0215ef82022-01-04 14:22:30.463root 11241100x80000000000000004286975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d9d5fb2cfdfb872022-01-04 14:22:30.959root 11241100x80000000000000004286976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b2e4636e2ea1da2022-01-04 14:22:30.959root 11241100x80000000000000004286977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fb2859f44158db2022-01-04 14:22:30.960root 11241100x80000000000000004286978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447db39de3b81e342022-01-04 14:22:30.960root 11241100x80000000000000004286979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa7696a0911a4182022-01-04 14:22:30.960root 11241100x80000000000000004286980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53018a3ab9a949992022-01-04 14:22:30.960root 11241100x80000000000000004286981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846bf69ccb0a6a402022-01-04 14:22:30.960root 11241100x80000000000000004286982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d347c3547cba12262022-01-04 14:22:30.960root 11241100x80000000000000004286983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb97ae5a8eea2452022-01-04 14:22:30.960root 11241100x80000000000000004286984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1795f46ede4b65b72022-01-04 14:22:30.960root 11241100x80000000000000004286985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b81f1e1543f1042022-01-04 14:22:30.960root 11241100x80000000000000004286986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca44c70154617cd2022-01-04 14:22:30.960root 11241100x80000000000000004286987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d708263dfd16432022-01-04 14:22:30.960root 11241100x80000000000000004286988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc02f6abf08b6c5c2022-01-04 14:22:30.960root 11241100x80000000000000004286989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7a0407031ac61f2022-01-04 14:22:30.960root 11241100x80000000000000004286990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d880cb62c8b6f9bf2022-01-04 14:22:30.961root 11241100x80000000000000004286991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7692d8c142e2bd0f2022-01-04 14:22:30.961root 11241100x80000000000000004286992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b717a353ed517442022-01-04 14:22:30.961root 11241100x80000000000000004286993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81eb7508c23dbef2022-01-04 14:22:30.961root 11241100x80000000000000004286994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c4d9e9c562fdad2022-01-04 14:22:30.961root 11241100x80000000000000004286995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6506144cf7dbc9a62022-01-04 14:22:30.961root 11241100x80000000000000004286996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae7947ff69bfe3e2022-01-04 14:22:30.961root 11241100x80000000000000004286997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fd40b8f76fdc232022-01-04 14:22:30.961root 11241100x80000000000000004286998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c297a3f7fc9a952022-01-04 14:22:30.961root 11241100x80000000000000004286999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8302c9297025bb12022-01-04 14:22:30.961root 11241100x80000000000000004287000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe1f0139596b3bf2022-01-04 14:22:30.961root 11241100x80000000000000004287001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe0c8264ca5a1152022-01-04 14:22:30.961root 11241100x80000000000000004287002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f582cc5bf1d43942022-01-04 14:22:30.962root 11241100x80000000000000004287003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4164d2e6c48c422022-01-04 14:22:30.962root 11241100x80000000000000004287004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b12c19b3e2593042022-01-04 14:22:30.962root 11241100x80000000000000004287005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2827c0de538d7f2022-01-04 14:22:30.962root 11241100x80000000000000004287006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eae831cf1f21c02022-01-04 14:22:30.962root 11241100x80000000000000004287007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839cdd36222ff8152022-01-04 14:22:30.962root 11241100x80000000000000004287008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c829e80913d3d7e2022-01-04 14:22:30.962root 11241100x80000000000000004287009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4fdad457ab87152022-01-04 14:22:30.962root 11241100x80000000000000004287010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10ddcc5860481b62022-01-04 14:22:30.962root 11241100x80000000000000004287011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e331e1f2a1ff20ed2022-01-04 14:22:30.962root 11241100x80000000000000004287012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9c6401f6523bbc2022-01-04 14:22:30.962root 11241100x80000000000000004287013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8d314bf78dba4b2022-01-04 14:22:30.962root 11241100x80000000000000004287014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f90c7109441b72022-01-04 14:22:30.962root 11241100x80000000000000004287015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a416f37b798c22022-01-04 14:22:30.962root 11241100x80000000000000004287016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f0023a3c8aedf22022-01-04 14:22:30.962root 11241100x80000000000000004287017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab35753af71f96022022-01-04 14:22:30.963root 11241100x80000000000000004287018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff52e167016587442022-01-04 14:22:30.963root 11241100x80000000000000004287019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ed1e3124ed14cf2022-01-04 14:22:30.963root 11241100x80000000000000004287020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9086b0942805892022-01-04 14:22:30.963root 11241100x80000000000000004287021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34aed9b755c145f2022-01-04 14:22:30.963root 11241100x80000000000000004287022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce80ebce84d704312022-01-04 14:22:30.963root 11241100x80000000000000004287023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff233b713ee875522022-01-04 14:22:30.963root 11241100x80000000000000004287024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1061f93cd8959a42022-01-04 14:22:30.963root 11241100x80000000000000004287025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcea176b819a91dc2022-01-04 14:22:30.963root 11241100x80000000000000004287026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f2202b90f0381a2022-01-04 14:22:30.963root 11241100x80000000000000004287027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71038fdba6619a502022-01-04 14:22:30.963root 11241100x80000000000000004287028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f8c00dcc4aa0262022-01-04 14:22:30.963root 11241100x80000000000000004287029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304dc8e197fe72e02022-01-04 14:22:30.963root 11241100x80000000000000004287030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2028d29f64540c4f2022-01-04 14:22:30.963root 11241100x80000000000000004287031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664f57d4ba01b2b72022-01-04 14:22:30.963root 11241100x80000000000000004287032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9971c4344dd2ba2022-01-04 14:22:30.963root 11241100x80000000000000004287033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a787f4c1092dfe12022-01-04 14:22:30.964root 11241100x80000000000000004287034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87118053c3cc7ef2022-01-04 14:22:30.964root 11241100x80000000000000004287035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5c85998c83576a2022-01-04 14:22:30.964root 11241100x80000000000000004287036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b093849ea2c3f7d02022-01-04 14:22:30.964root 11241100x80000000000000004287037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01c3e3fd50cb01a2022-01-04 14:22:30.964root 11241100x80000000000000004287038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f7fd5d479fe5662022-01-04 14:22:30.964root 11241100x80000000000000004287039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba1e1dc70da04a82022-01-04 14:22:30.964root 11241100x80000000000000004287040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cc87d5cde621e22022-01-04 14:22:30.964root 11241100x80000000000000004287041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33093cc9c9b6cdb62022-01-04 14:22:30.964root 11241100x80000000000000004287042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cdff90d68706e22022-01-04 14:22:30.964root 11241100x80000000000000004287043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a733fa2debddecf2022-01-04 14:22:30.965root 11241100x80000000000000004287044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f088debcbce02b22022-01-04 14:22:30.965root 11241100x80000000000000004287045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a06495a4f5ee792022-01-04 14:22:30.965root 11241100x80000000000000004287046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5105094ff405af172022-01-04 14:22:30.965root 11241100x80000000000000004287047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:30.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862ea33d7e33b8652022-01-04 14:22:30.966root 354300x80000000000000004287048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.145{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41602-false10.0.1.12-8000- 11241100x80000000000000004287049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.220{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:22:31.220root 11241100x80000000000000004287050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3b388a75c7d4602022-01-04 14:22:31.221root 11241100x80000000000000004287051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd618fe0802705ca2022-01-04 14:22:31.221root 11241100x80000000000000004287052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ffdfbcb5ed60f72022-01-04 14:22:31.221root 11241100x80000000000000004287053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ba0412c65a74292022-01-04 14:22:31.221root 11241100x80000000000000004287054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5ecd80ac6c94a82022-01-04 14:22:31.221root 11241100x80000000000000004287055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7544d1a77566bb8d2022-01-04 14:22:31.221root 11241100x80000000000000004287056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609de4e97f84488d2022-01-04 14:22:31.222root 11241100x80000000000000004287057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc78121c8cf3329b2022-01-04 14:22:31.222root 11241100x80000000000000004287058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec3f237ce69fdf82022-01-04 14:22:31.222root 11241100x80000000000000004287059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c62fd382a3143f62022-01-04 14:22:31.222root 11241100x80000000000000004287060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deda692e18b246a2022-01-04 14:22:31.222root 11241100x80000000000000004287061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af0032026a430af2022-01-04 14:22:31.222root 11241100x80000000000000004287062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baae8990a3273e32022-01-04 14:22:31.222root 11241100x80000000000000004287063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdeb5dbc7da27da22022-01-04 14:22:31.222root 11241100x80000000000000004287064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e3f5574b61f1a72022-01-04 14:22:31.222root 11241100x80000000000000004287065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d211888927316fbb2022-01-04 14:22:31.222root 11241100x80000000000000004287066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3228c0ab4a0ce4122022-01-04 14:22:31.222root 11241100x80000000000000004287067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175767c77bef3db32022-01-04 14:22:31.222root 11241100x80000000000000004287068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d8ee64a15d55172022-01-04 14:22:31.223root 11241100x80000000000000004287069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9998f5f2eefbd2022-01-04 14:22:31.223root 11241100x80000000000000004287070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eb76b2054b325f2022-01-04 14:22:31.223root 11241100x80000000000000004287071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784e3099347100f52022-01-04 14:22:31.223root 11241100x80000000000000004287072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a2beb3a5f8ca412022-01-04 14:22:31.223root 11241100x80000000000000004287073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1068556169355b5c2022-01-04 14:22:31.223root 11241100x80000000000000004287074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0658840e1135d8762022-01-04 14:22:31.223root 11241100x80000000000000004287075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7d1356c29e11dd2022-01-04 14:22:31.223root 11241100x80000000000000004287076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81156557ba5f19ef2022-01-04 14:22:31.223root 11241100x80000000000000004287077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cbe3db51c8caba2022-01-04 14:22:31.223root 11241100x80000000000000004287078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baec55f3b1c68802022-01-04 14:22:31.223root 11241100x80000000000000004287079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abb491eddc0803e2022-01-04 14:22:31.223root 11241100x80000000000000004287080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73065345d8641e3d2022-01-04 14:22:31.223root 11241100x80000000000000004287081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a9e009c52a6f8d2022-01-04 14:22:31.224root 11241100x80000000000000004287082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fce76e0155f7e42022-01-04 14:22:31.224root 11241100x80000000000000004287083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c636ef2dbed0b532022-01-04 14:22:31.224root 11241100x80000000000000004287084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f251dc3153021ca2022-01-04 14:22:31.224root 11241100x80000000000000004287085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c4fbf5cf192ef02022-01-04 14:22:31.224root 11241100x80000000000000004287086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd6b1d275334b102022-01-04 14:22:31.224root 11241100x80000000000000004287087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8286de41810ad1bc2022-01-04 14:22:31.224root 11241100x80000000000000004287088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03380c22999c1b52022-01-04 14:22:31.224root 11241100x80000000000000004287089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cee5e1311abc212022-01-04 14:22:31.224root 11241100x80000000000000004287090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470e324da83fbfbf2022-01-04 14:22:31.225root 11241100x80000000000000004287091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d58c177e2e0b46b2022-01-04 14:22:31.225root 11241100x80000000000000004287092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9788831ecbd802e12022-01-04 14:22:31.225root 11241100x80000000000000004287093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4d0347c7a7c0ce2022-01-04 14:22:31.225root 11241100x80000000000000004287094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16eb6e95050bf1b2022-01-04 14:22:31.225root 11241100x80000000000000004287095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b883c6af4ddfe3062022-01-04 14:22:31.225root 11241100x80000000000000004287096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a7b467a2f4d1832022-01-04 14:22:31.225root 11241100x80000000000000004287097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32ab5b95536d9f22022-01-04 14:22:31.225root 11241100x80000000000000004287098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207097ec3a9ab72d2022-01-04 14:22:31.225root 11241100x80000000000000004287099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dbd9080a007c562022-01-04 14:22:31.225root 11241100x80000000000000004287100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb3a59fd54633062022-01-04 14:22:31.225root 11241100x80000000000000004287101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9832884cce716dcb2022-01-04 14:22:31.225root 11241100x80000000000000004287102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc758c6749057c1c2022-01-04 14:22:31.226root 11241100x80000000000000004287103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96565729c24b90282022-01-04 14:22:31.226root 11241100x80000000000000004287104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320622c6ce6497bc2022-01-04 14:22:31.226root 11241100x80000000000000004287105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20dab0c026df7ab2022-01-04 14:22:31.226root 11241100x80000000000000004287106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecdfcfde6642d7e2022-01-04 14:22:31.226root 11241100x80000000000000004287107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b7d21d0556e2562022-01-04 14:22:31.226root 11241100x80000000000000004287108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099171a9cebad6f82022-01-04 14:22:31.226root 11241100x80000000000000004287109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f34647fbffb85662022-01-04 14:22:31.226root 11241100x80000000000000004287110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577dd37ac71a5a702022-01-04 14:22:31.709root 11241100x80000000000000004287111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387a3414fdb7b9932022-01-04 14:22:31.709root 11241100x80000000000000004287112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1008faf2b1ba16562022-01-04 14:22:31.710root 11241100x80000000000000004287113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc48ed04d9c9ab182022-01-04 14:22:31.710root 11241100x80000000000000004287114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa2c38e4e51277d2022-01-04 14:22:31.710root 11241100x80000000000000004287115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84573311e19eaeae2022-01-04 14:22:31.710root 11241100x80000000000000004287116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a75d01648ca0592022-01-04 14:22:31.710root 11241100x80000000000000004287117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d2df3b78fca9a62022-01-04 14:22:31.710root 11241100x80000000000000004287118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688588b446423d462022-01-04 14:22:31.710root 11241100x80000000000000004287119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfe2566b544539a2022-01-04 14:22:31.710root 11241100x80000000000000004287120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6911a5ddfcb38fbc2022-01-04 14:22:31.710root 11241100x80000000000000004287121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4684f9d0f2e74b2022-01-04 14:22:31.710root 11241100x80000000000000004287122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22df963017ae9fe22022-01-04 14:22:31.710root 11241100x80000000000000004287123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d307bdde8184182022-01-04 14:22:31.711root 11241100x80000000000000004287124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed87dc68cdf25d62022-01-04 14:22:31.711root 11241100x80000000000000004287125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b451ce91d6192ac92022-01-04 14:22:31.711root 11241100x80000000000000004287126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6608abfb56eb52c42022-01-04 14:22:31.711root 11241100x80000000000000004287127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8870de02d0b1d0962022-01-04 14:22:31.711root 11241100x80000000000000004287128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493f167e164a964b2022-01-04 14:22:31.711root 11241100x80000000000000004287129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb03fa11f0b4932c2022-01-04 14:22:31.711root 11241100x80000000000000004287130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a8edc6096088ea2022-01-04 14:22:31.711root 11241100x80000000000000004287131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531992236df6d1262022-01-04 14:22:31.711root 11241100x80000000000000004287132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf2e2f58dd6a5bf2022-01-04 14:22:31.711root 11241100x80000000000000004287133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a37b70216d45a352022-01-04 14:22:31.711root 11241100x80000000000000004287134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f920bafb78a7a52022-01-04 14:22:31.712root 11241100x80000000000000004287135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c05e8334dad59ea2022-01-04 14:22:31.712root 11241100x80000000000000004287136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44a5201b754a7d52022-01-04 14:22:31.712root 11241100x80000000000000004287137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650ad52a4de618fb2022-01-04 14:22:31.712root 11241100x80000000000000004287138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5b8bbb41be33602022-01-04 14:22:31.712root 11241100x80000000000000004287139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08651900f5e3efe2022-01-04 14:22:31.712root 11241100x80000000000000004287140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e270ef3e180ac52022-01-04 14:22:31.712root 11241100x80000000000000004287141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd682d316cdad762022-01-04 14:22:32.209root 11241100x80000000000000004287142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9474f6839ebffd272022-01-04 14:22:32.209root 11241100x80000000000000004287143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00feed9cc8db69902022-01-04 14:22:32.210root 11241100x80000000000000004287144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e27feb2d9008d32022-01-04 14:22:32.210root 11241100x80000000000000004287145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a66242b090e45982022-01-04 14:22:32.210root 11241100x80000000000000004287146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8cdc4bb606db0e2022-01-04 14:22:32.210root 11241100x80000000000000004287147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528ff440040d86e42022-01-04 14:22:32.210root 11241100x80000000000000004287148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a45b6ec4f6e01ba2022-01-04 14:22:32.210root 11241100x80000000000000004287149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec6a59cc9032b962022-01-04 14:22:32.210root 11241100x80000000000000004287150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc72127613a3ab22022-01-04 14:22:32.210root 11241100x80000000000000004287151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc79a652c11dfeb2022-01-04 14:22:32.210root 11241100x80000000000000004287152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ea039b78268ff82022-01-04 14:22:32.210root 11241100x80000000000000004287153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac745c5eb04713f2022-01-04 14:22:32.210root 11241100x80000000000000004287154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95e8f971479ee412022-01-04 14:22:32.210root 11241100x80000000000000004287155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327e70e9e97ffab02022-01-04 14:22:32.211root 11241100x80000000000000004287156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac0eac39a83441f2022-01-04 14:22:32.211root 11241100x80000000000000004287157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a16c2a5ad50c432022-01-04 14:22:32.211root 11241100x80000000000000004287158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfd3650c9a01e872022-01-04 14:22:32.211root 11241100x80000000000000004287159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed8d3f317e3c8862022-01-04 14:22:32.211root 11241100x80000000000000004287160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2715612fa26937372022-01-04 14:22:32.211root 11241100x80000000000000004287161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea4c892ed131b1a2022-01-04 14:22:32.211root 11241100x80000000000000004287162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7251460d1be0c52022-01-04 14:22:32.211root 11241100x80000000000000004287163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fb39f143e2a9162022-01-04 14:22:32.211root 11241100x80000000000000004287164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88757f318db4ecd2022-01-04 14:22:32.211root 11241100x80000000000000004287165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a2bdf9a424de082022-01-04 14:22:32.211root 11241100x80000000000000004287166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854b4c03f29557972022-01-04 14:22:32.211root 11241100x80000000000000004287167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24308b61c22d0b52022-01-04 14:22:32.211root 11241100x80000000000000004287168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e30b423ef6eda02022-01-04 14:22:32.212root 11241100x80000000000000004287169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1043ac00f431502022-01-04 14:22:32.212root 11241100x80000000000000004287170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01899ca45216329b2022-01-04 14:22:32.212root 11241100x80000000000000004287171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af01a2d90e0f6fc82022-01-04 14:22:32.212root 11241100x80000000000000004287172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89475b3e891edb362022-01-04 14:22:32.212root 11241100x80000000000000004287173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15568c9ff2389cfc2022-01-04 14:22:32.709root 11241100x80000000000000004287174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361dcc2a111124b12022-01-04 14:22:32.709root 11241100x80000000000000004287175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24540afd65293a192022-01-04 14:22:32.709root 11241100x80000000000000004287176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82454c10f65131ad2022-01-04 14:22:32.709root 11241100x80000000000000004287177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144c698c23966f5a2022-01-04 14:22:32.709root 11241100x80000000000000004287178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e476650cedec4ae82022-01-04 14:22:32.709root 11241100x80000000000000004287179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac0c72fd8f2b32b2022-01-04 14:22:32.709root 11241100x80000000000000004287180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46fdfd2a2ec66e22022-01-04 14:22:32.710root 11241100x80000000000000004287181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0c0f0c5a0536b22022-01-04 14:22:32.710root 11241100x80000000000000004287182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a313c5427289d6f12022-01-04 14:22:32.710root 11241100x80000000000000004287183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666774f76d48604d2022-01-04 14:22:32.710root 11241100x80000000000000004287184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aca43b88510ef52022-01-04 14:22:32.710root 11241100x80000000000000004287185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378a554e4acef09b2022-01-04 14:22:32.710root 11241100x80000000000000004287186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a38b471137623142022-01-04 14:22:32.710root 11241100x80000000000000004287187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ed439f943ec70b2022-01-04 14:22:32.710root 11241100x80000000000000004287188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307d3cb87c83b82f2022-01-04 14:22:32.710root 11241100x80000000000000004287189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240d3d74d6d5484c2022-01-04 14:22:32.710root 11241100x80000000000000004287190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa1878edf93acb72022-01-04 14:22:32.710root 11241100x80000000000000004287191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966689f4e6a33bee2022-01-04 14:22:32.710root 11241100x80000000000000004287192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a49d27e3f9c7aa2022-01-04 14:22:32.710root 11241100x80000000000000004287193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd53ed7d2f218702022-01-04 14:22:32.710root 11241100x80000000000000004287194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edba36121fb6cce52022-01-04 14:22:32.710root 11241100x80000000000000004287195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b354b8362b311982022-01-04 14:22:32.711root 11241100x80000000000000004287196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9b51ce0d6ef4bc2022-01-04 14:22:32.711root 11241100x80000000000000004287197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331a599d7fe4d7192022-01-04 14:22:32.711root 11241100x80000000000000004287198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1720407f17008c2022-01-04 14:22:32.711root 11241100x80000000000000004287199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8826458be3f18d22022-01-04 14:22:32.711root 11241100x80000000000000004287200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6fb4ee83037b112022-01-04 14:22:32.711root 11241100x80000000000000004287201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c8eb5431b00fef2022-01-04 14:22:32.711root 11241100x80000000000000004287202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fbb2ace15546192022-01-04 14:22:32.711root 11241100x80000000000000004287203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cf9d018c97c68d2022-01-04 14:22:32.711root 11241100x80000000000000004287204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d44d6675d93fe7c2022-01-04 14:22:32.711root 11241100x80000000000000004287205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd8b62b89794c822022-01-04 14:22:33.210root 11241100x80000000000000004287206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69f540a908baa8a2022-01-04 14:22:33.210root 11241100x80000000000000004287207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb8407c649a1a5c2022-01-04 14:22:33.210root 11241100x80000000000000004287208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03403af647b7e9f2022-01-04 14:22:33.210root 11241100x80000000000000004287209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce19c70fd8727bda2022-01-04 14:22:33.210root 11241100x80000000000000004287210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605f64d0053d6d1a2022-01-04 14:22:33.210root 11241100x80000000000000004287211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afcb3c5284269bc2022-01-04 14:22:33.210root 11241100x80000000000000004287212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9ef5cb554f3a5f2022-01-04 14:22:33.210root 11241100x80000000000000004287213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5442052a1bb0da2022-01-04 14:22:33.210root 11241100x80000000000000004287214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f069b21d69280fcb2022-01-04 14:22:33.210root 11241100x80000000000000004287215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563eb9a98ce854222022-01-04 14:22:33.210root 11241100x80000000000000004287216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f875e5f90bac6dd42022-01-04 14:22:33.211root 11241100x80000000000000004287217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165415c559fe482a2022-01-04 14:22:33.211root 11241100x80000000000000004287218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59e3a8c7a86e6432022-01-04 14:22:33.211root 11241100x80000000000000004287219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de31ef240b83c7b02022-01-04 14:22:33.211root 11241100x80000000000000004287220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf2dac5da12f6112022-01-04 14:22:33.211root 11241100x80000000000000004287221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3b0581c0819baa2022-01-04 14:22:33.211root 11241100x80000000000000004287222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5d6f185fc4f4262022-01-04 14:22:33.211root 11241100x80000000000000004287223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd38d9e0118aa4ec2022-01-04 14:22:33.211root 11241100x80000000000000004287224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cabaf71bb475b12022-01-04 14:22:33.211root 11241100x80000000000000004287225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72720d5847fdc5ae2022-01-04 14:22:33.211root 11241100x80000000000000004287226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b051da71e081d0582022-01-04 14:22:33.211root 11241100x80000000000000004287227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a7905457cf9e8d2022-01-04 14:22:33.211root 11241100x80000000000000004287228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19d22ae988f307d2022-01-04 14:22:33.211root 11241100x80000000000000004287229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb00ce68506a2fb2022-01-04 14:22:33.211root 11241100x80000000000000004287230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48912ce75b8d288a2022-01-04 14:22:33.211root 11241100x80000000000000004287231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510f56edd6cdc8b82022-01-04 14:22:33.212root 11241100x80000000000000004287232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cca5128c6fdd3112022-01-04 14:22:33.212root 11241100x80000000000000004287233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edba8c3166ec339a2022-01-04 14:22:33.212root 11241100x80000000000000004287234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25d7cab8f97a52e2022-01-04 14:22:33.212root 11241100x80000000000000004287235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d0885a8f07e19d2022-01-04 14:22:33.212root 11241100x80000000000000004287236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2efc88a78da6a22022-01-04 14:22:33.709root 11241100x80000000000000004287237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7141115d181df2282022-01-04 14:22:33.709root 11241100x80000000000000004287238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ba8d522faf98a32022-01-04 14:22:33.709root 11241100x80000000000000004287239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab93c2114ceee262022-01-04 14:22:33.709root 11241100x80000000000000004287240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ff384be2fe260c2022-01-04 14:22:33.709root 11241100x80000000000000004287241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c904a70177a16dd12022-01-04 14:22:33.709root 11241100x80000000000000004287242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d9962962e709362022-01-04 14:22:33.709root 11241100x80000000000000004287243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ef2c789612467c2022-01-04 14:22:33.709root 11241100x80000000000000004287244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e540d279369ca1e62022-01-04 14:22:33.710root 11241100x80000000000000004287245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f5f6c060562d492022-01-04 14:22:33.710root 11241100x80000000000000004287246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ef1c3ffd13f3092022-01-04 14:22:33.710root 11241100x80000000000000004287247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e66bee11257bbd32022-01-04 14:22:33.710root 11241100x80000000000000004287248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319da9cd78c81db12022-01-04 14:22:33.710root 11241100x80000000000000004287249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1769128f8e6c77eb2022-01-04 14:22:33.710root 11241100x80000000000000004287250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa68d1afdfa7fe62022-01-04 14:22:33.710root 11241100x80000000000000004287251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97f7be157b02fdb2022-01-04 14:22:33.710root 11241100x80000000000000004287252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a618951af4f5752022-01-04 14:22:33.710root 11241100x80000000000000004287253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919d5d55854c234c2022-01-04 14:22:33.710root 11241100x80000000000000004287254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ee640ac835d3982022-01-04 14:22:33.710root 11241100x80000000000000004287255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887e83925fb794332022-01-04 14:22:33.710root 11241100x80000000000000004287256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b2bf0750b5f6af2022-01-04 14:22:33.710root 11241100x80000000000000004287257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ded43036ed2b9f92022-01-04 14:22:33.710root 11241100x80000000000000004287258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa622b316674af642022-01-04 14:22:33.711root 11241100x80000000000000004287259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11baeb9e256c71202022-01-04 14:22:33.711root 11241100x80000000000000004287260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247c22e6c42c13c32022-01-04 14:22:33.711root 11241100x80000000000000004287261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c1a0c6942810fc2022-01-04 14:22:33.711root 11241100x80000000000000004287262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec07715f07f3af982022-01-04 14:22:33.711root 11241100x80000000000000004287263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dc64ceb66ee62c2022-01-04 14:22:33.711root 11241100x80000000000000004287264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c04d3d32b9a0942022-01-04 14:22:33.711root 11241100x80000000000000004287265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380ba7749187bc862022-01-04 14:22:33.711root 11241100x80000000000000004287266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47258bcf56d98d3f2022-01-04 14:22:33.711root 11241100x80000000000000004287267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476604d6f35e404b2022-01-04 14:22:33.711root 11241100x80000000000000004287268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17bc2a3f40a9aec2022-01-04 14:22:33.712root 11241100x80000000000000004287269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c3054fe99dfecb2022-01-04 14:22:34.209root 11241100x80000000000000004287270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba79218a06173a582022-01-04 14:22:34.209root 11241100x80000000000000004287271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693cbdeeb05c8b182022-01-04 14:22:34.209root 11241100x80000000000000004287272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef07bebe85bdae22022-01-04 14:22:34.209root 11241100x80000000000000004287273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a260bc188972ed082022-01-04 14:22:34.209root 11241100x80000000000000004287274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f807b832943c8e22022-01-04 14:22:34.210root 11241100x80000000000000004287275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc6bf3004d2d4dd2022-01-04 14:22:34.210root 11241100x80000000000000004287276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9da700174afc2eb2022-01-04 14:22:34.210root 11241100x80000000000000004287277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16499e392c74863a2022-01-04 14:22:34.210root 11241100x80000000000000004287278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29b531c185b868f2022-01-04 14:22:34.210root 11241100x80000000000000004287279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aa38bf5beb4fcb2022-01-04 14:22:34.211root 11241100x80000000000000004287280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2056d6a6ef417ea2022-01-04 14:22:34.211root 11241100x80000000000000004287281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa86ff7aa023406f2022-01-04 14:22:34.211root 11241100x80000000000000004287282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093a97643c07e45f2022-01-04 14:22:34.212root 11241100x80000000000000004287283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db2e083fd04a9452022-01-04 14:22:34.212root 11241100x80000000000000004287284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b107d6bd86beddd72022-01-04 14:22:34.212root 11241100x80000000000000004287285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5994c0e6e4e3b38f2022-01-04 14:22:34.213root 11241100x80000000000000004287286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b491919c278dd552022-01-04 14:22:34.213root 11241100x80000000000000004287287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71af9e2fdf9dfd992022-01-04 14:22:34.213root 11241100x80000000000000004287288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d554feef881ee3822022-01-04 14:22:34.213root 11241100x80000000000000004287289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a75426141972ac2022-01-04 14:22:34.213root 11241100x80000000000000004287290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b894b5200d4dc72022-01-04 14:22:34.213root 11241100x80000000000000004287291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe13c9addbc85c942022-01-04 14:22:34.214root 11241100x80000000000000004287292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4145308136194d82022-01-04 14:22:34.214root 11241100x80000000000000004287293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0948eb9f206087da2022-01-04 14:22:34.214root 11241100x80000000000000004287294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea8cc033ba485d42022-01-04 14:22:34.215root 11241100x80000000000000004287295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefab98d923d92972022-01-04 14:22:34.215root 11241100x80000000000000004287296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98560e4b4ed8ae9e2022-01-04 14:22:34.215root 11241100x80000000000000004287297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ecc77c663e69842022-01-04 14:22:34.215root 11241100x80000000000000004287298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a332fd810f1f9c92022-01-04 14:22:34.215root 11241100x80000000000000004287299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55d069c4464e19d2022-01-04 14:22:34.216root 11241100x80000000000000004287300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af4af0f26ce20c32022-01-04 14:22:34.216root 11241100x80000000000000004287301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7379dc43615a0c2022-01-04 14:22:34.216root 11241100x80000000000000004287302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012c32a3c1b5e7392022-01-04 14:22:34.216root 11241100x80000000000000004287303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b70150adc9cd392022-01-04 14:22:34.216root 11241100x80000000000000004287304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327ab80aaa02d8922022-01-04 14:22:34.216root 11241100x80000000000000004287305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2b1c49eb574b852022-01-04 14:22:34.217root 23542300x80000000000000004287306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 534500x80000000000000004287307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.583{ec2e79f3-af45-61d2-c81a-c448f1550000}466/lib/systemd/systemd-journaldroot 11241100x80000000000000004287308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.584{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e264fa699f00751d2022-01-04 14:22:34.584root 11241100x80000000000000004287309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.584{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be10494dc34510312022-01-04 14:22:34.584root 11241100x80000000000000004287310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.584{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34de0a4a5c78c1172022-01-04 14:22:34.584root 11241100x80000000000000004287311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.585{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f272519ec055aa2022-01-04 14:22:34.585root 11241100x80000000000000004287312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.585{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4838a5cfe1c44c2022-01-04 14:22:34.585root 11241100x80000000000000004287313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.585{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200636233c45be192022-01-04 14:22:34.585root 11241100x80000000000000004287314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.585{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383f8fc0e775f4532022-01-04 14:22:34.585root 11241100x80000000000000004287315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.585{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357ad82c271ca39d2022-01-04 14:22:34.585root 11241100x80000000000000004287316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.585{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd71f4d52eb1c1c2022-01-04 14:22:34.585root 11241100x80000000000000004287317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.586{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507df30a047f133f2022-01-04 14:22:34.586root 11241100x80000000000000004287318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.586{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6d448021858afd2022-01-04 14:22:34.586root 11241100x80000000000000004287319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.586{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c956bcfd1a0a8ca62022-01-04 14:22:34.586root 11241100x80000000000000004287320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.586{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659c46d843f36a2a2022-01-04 14:22:34.586root 11241100x80000000000000004287321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.586{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b675d7256612f9792022-01-04 14:22:34.586root 11241100x80000000000000004287322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.586{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4ef634c721ba682022-01-04 14:22:34.586root 11241100x80000000000000004287323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.586{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05878827c5ff13762022-01-04 14:22:34.586root 11241100x80000000000000004287324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.586{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7073c7683f569392022-01-04 14:22:34.586root 11241100x80000000000000004287325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.586{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c605455f354f3bf2022-01-04 14:22:34.586root 11241100x80000000000000004287326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.587{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d832b09cb0585a52022-01-04 14:22:34.587root 11241100x80000000000000004287327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.587{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448ddb361fac7f3d2022-01-04 14:22:34.587root 11241100x80000000000000004287328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.588{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ef43554c05a7772022-01-04 14:22:34.588root 11241100x80000000000000004287329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.588{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e8019c0a92cc2f2022-01-04 14:22:34.588root 11241100x80000000000000004287330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.588{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62ebccf51b877e82022-01-04 14:22:34.588root 11241100x80000000000000004287331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.588{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cb0fe81b3b25032022-01-04 14:22:34.588root 11241100x80000000000000004287332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.588{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0baa0111fe125f462022-01-04 14:22:34.588root 11241100x80000000000000004287333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.588{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acd4c5a1c81ecd62022-01-04 14:22:34.588root 11241100x80000000000000004287334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.588{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ea6b7c801cf3662022-01-04 14:22:34.588root 11241100x80000000000000004287335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.588{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d784242e3f974d2022-01-04 14:22:34.588root 11241100x80000000000000004287336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.589{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44501840f2f830432022-01-04 14:22:34.589root 11241100x80000000000000004287337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.590{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42941c0f426954af2022-01-04 14:22:34.590root 11241100x80000000000000004287338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.603{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda2cda8ad29396c2022-01-04 14:22:34.603root 11241100x80000000000000004287339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.603{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d497f4c31a6cb372022-01-04 14:22:34.603root 11241100x80000000000000004287340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1c5e83ff5b3fa32022-01-04 14:22:34.959root 11241100x80000000000000004287341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88df26686fc58f492022-01-04 14:22:34.959root 11241100x80000000000000004287342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988570dbeb7707192022-01-04 14:22:34.960root 11241100x80000000000000004287343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1170b19181704f3a2022-01-04 14:22:34.960root 11241100x80000000000000004287344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b34469320b7aeca2022-01-04 14:22:34.960root 11241100x80000000000000004287345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e370b07857c41b082022-01-04 14:22:34.960root 11241100x80000000000000004287346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f731eef77c0a5d4b2022-01-04 14:22:34.960root 11241100x80000000000000004287347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf7d5dafa06ae002022-01-04 14:22:34.961root 11241100x80000000000000004287348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bd332a296d6f862022-01-04 14:22:34.961root 11241100x80000000000000004287349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40ba17b28de97352022-01-04 14:22:34.961root 11241100x80000000000000004287350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96652f63710224c82022-01-04 14:22:34.961root 11241100x80000000000000004287351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c60b3793a98c1cb2022-01-04 14:22:34.961root 11241100x80000000000000004287352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66995d4cf0c4fbba2022-01-04 14:22:34.961root 11241100x80000000000000004287353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084b34c493a9c7232022-01-04 14:22:34.961root 11241100x80000000000000004287354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13765c2c12bd90822022-01-04 14:22:34.961root 11241100x80000000000000004287355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2793855d83c7ade2022-01-04 14:22:34.961root 11241100x80000000000000004287356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3ce4645395de032022-01-04 14:22:34.961root 11241100x80000000000000004287357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33567808256583062022-01-04 14:22:34.961root 11241100x80000000000000004287358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d5ac0adfff63af2022-01-04 14:22:34.961root 11241100x80000000000000004287359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b604cf48df81e72022-01-04 14:22:34.961root 11241100x80000000000000004287360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b262105554c857f52022-01-04 14:22:34.961root 11241100x80000000000000004287361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a23a30616041d8c2022-01-04 14:22:34.961root 11241100x80000000000000004287362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2d4f478d34ab382022-01-04 14:22:34.961root 11241100x80000000000000004287363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d375bab2be19bc932022-01-04 14:22:34.962root 11241100x80000000000000004287364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cd03eaebee070e2022-01-04 14:22:34.962root 11241100x80000000000000004287365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8255282cf895474f2022-01-04 14:22:34.962root 11241100x80000000000000004287366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241c672f8c1ec6a72022-01-04 14:22:34.962root 11241100x80000000000000004287367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2829b59c4947aac2022-01-04 14:22:34.962root 11241100x80000000000000004287368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cb05bccced5d672022-01-04 14:22:34.962root 11241100x80000000000000004287369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af0a940b38e8ca32022-01-04 14:22:34.962root 11241100x80000000000000004287370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aff3c9ef3095822022-01-04 14:22:34.962root 11241100x80000000000000004287371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055648c522f678db2022-01-04 14:22:34.963root 11241100x80000000000000004287372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:34.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bc207914941b962022-01-04 14:22:34.963root 11241100x80000000000000004287373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8912b05b3f4edd582022-01-04 14:22:35.459root 11241100x80000000000000004287374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e4c85e606d0c4d2022-01-04 14:22:35.460root 11241100x80000000000000004287375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb518117a172d0f2022-01-04 14:22:35.460root 11241100x80000000000000004287376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac67d16643fe0dce2022-01-04 14:22:35.460root 11241100x80000000000000004287377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381b219ffbd93b5e2022-01-04 14:22:35.460root 11241100x80000000000000004287378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cada88a0593c05f72022-01-04 14:22:35.461root 11241100x80000000000000004287379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7140831d7d2e332f2022-01-04 14:22:35.461root 11241100x80000000000000004287380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f795db2a79f61ae2022-01-04 14:22:35.461root 11241100x80000000000000004287381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be10b589afdeee3b2022-01-04 14:22:35.461root 11241100x80000000000000004287382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe6f959fd2f5ae72022-01-04 14:22:35.462root 11241100x80000000000000004287383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cb725614667e302022-01-04 14:22:35.462root 11241100x80000000000000004287384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845aa86f94e1a08a2022-01-04 14:22:35.462root 11241100x80000000000000004287385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f0478901dba9222022-01-04 14:22:35.462root 11241100x80000000000000004287386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b4a07c5b63d78b2022-01-04 14:22:35.462root 11241100x80000000000000004287387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c142ca0087bcda02022-01-04 14:22:35.462root 11241100x80000000000000004287388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ca82b32bf421ee2022-01-04 14:22:35.462root 11241100x80000000000000004287389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b128f199854deb22022-01-04 14:22:35.462root 11241100x80000000000000004287390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4799098c961b83522022-01-04 14:22:35.462root 11241100x80000000000000004287391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5b67790f453a782022-01-04 14:22:35.462root 11241100x80000000000000004287392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec782d00652ca34a2022-01-04 14:22:35.462root 11241100x80000000000000004287393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536535b42c956b8c2022-01-04 14:22:35.463root 11241100x80000000000000004287394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c816eb3ad17402a42022-01-04 14:22:35.463root 11241100x80000000000000004287395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bb88228f35f1672022-01-04 14:22:35.463root 11241100x80000000000000004287396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6269612aa7bfbf582022-01-04 14:22:35.463root 11241100x80000000000000004287397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfd10ccb8cd72682022-01-04 14:22:35.463root 11241100x80000000000000004287398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a2f47d60b414d72022-01-04 14:22:35.463root 11241100x80000000000000004287399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca18f776614316a2022-01-04 14:22:35.463root 11241100x80000000000000004287400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ff7a958fac59ce2022-01-04 14:22:35.463root 11241100x80000000000000004287401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b02ae9e7178f6d72022-01-04 14:22:35.463root 11241100x80000000000000004287402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9494e484c55b472022-01-04 14:22:35.463root 11241100x80000000000000004287403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70f9eb6beeb81ff2022-01-04 14:22:35.464root 11241100x80000000000000004287404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9793060212e80de42022-01-04 14:22:35.464root 11241100x80000000000000004287405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb64b17b840d97082022-01-04 14:22:35.464root 11241100x80000000000000004287406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577fc41efd34130b2022-01-04 14:22:35.464root 11241100x80000000000000004287407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7dabf6054ea4f22022-01-04 14:22:35.464root 11241100x80000000000000004287408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755563f84738ad1e2022-01-04 14:22:35.464root 11241100x80000000000000004287409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c834eb30651a2e702022-01-04 14:22:35.959root 11241100x80000000000000004287410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54105af155e42ec92022-01-04 14:22:35.959root 11241100x80000000000000004287411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2b3817a8c4609d2022-01-04 14:22:35.959root 11241100x80000000000000004287412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dc85070d025c532022-01-04 14:22:35.959root 11241100x80000000000000004287413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf028e9200598c62022-01-04 14:22:35.959root 11241100x80000000000000004287414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb7661da40be2442022-01-04 14:22:35.960root 11241100x80000000000000004287415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ac3039fc6540122022-01-04 14:22:35.960root 11241100x80000000000000004287416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d13ede624b106fb2022-01-04 14:22:35.960root 11241100x80000000000000004287417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0013c7b4169e29e72022-01-04 14:22:35.960root 11241100x80000000000000004287418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedd2e2f569425c12022-01-04 14:22:35.960root 11241100x80000000000000004287419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d46663ff8318d92022-01-04 14:22:35.960root 11241100x80000000000000004287420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef670667798d9bf62022-01-04 14:22:35.961root 11241100x80000000000000004287421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0427b4e1ce39b2e92022-01-04 14:22:35.961root 11241100x80000000000000004287422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b88a5adfa5ec722022-01-04 14:22:35.961root 11241100x80000000000000004287423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5f5ea6c8a07f452022-01-04 14:22:35.961root 11241100x80000000000000004287424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0bb0f9a4d77bbf2022-01-04 14:22:35.961root 11241100x80000000000000004287425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec70aeb7cdb928e42022-01-04 14:22:35.961root 11241100x80000000000000004287426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8828dbb036344b2022-01-04 14:22:35.961root 11241100x80000000000000004287427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21f078d4fb5fc642022-01-04 14:22:35.961root 11241100x80000000000000004287428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9ddf8208362fef2022-01-04 14:22:35.962root 11241100x80000000000000004287429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2251f220e9aad3202022-01-04 14:22:35.962root 11241100x80000000000000004287430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e85e741a4c03672022-01-04 14:22:35.962root 11241100x80000000000000004287431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ffdde075b18e482022-01-04 14:22:35.962root 11241100x80000000000000004287432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc0a8a3334758ba2022-01-04 14:22:35.962root 11241100x80000000000000004287433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a9a8a97fb6c56e2022-01-04 14:22:35.962root 11241100x80000000000000004287434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ad1c28488b17442022-01-04 14:22:35.962root 11241100x80000000000000004287435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bd7e128675f1172022-01-04 14:22:35.962root 11241100x80000000000000004287436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2565cd4013b0c32022-01-04 14:22:35.962root 11241100x80000000000000004287437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6b3ca4137e7b632022-01-04 14:22:35.962root 11241100x80000000000000004287438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b473e4c58f977b2022-01-04 14:22:35.962root 11241100x80000000000000004287439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c821aae85851d892022-01-04 14:22:35.963root 11241100x80000000000000004287440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8de31cc2a1dd812022-01-04 14:22:35.963root 11241100x80000000000000004287441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9086873f9bb7897b2022-01-04 14:22:35.963root 11241100x80000000000000004287442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3187dfa8ec8c2f0a2022-01-04 14:22:36.459root 11241100x80000000000000004287443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba292daa5f6a4882022-01-04 14:22:36.460root 11241100x80000000000000004287444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f4ae109708c9322022-01-04 14:22:36.460root 11241100x80000000000000004287445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9a71d461643ee82022-01-04 14:22:36.460root 11241100x80000000000000004287446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3941c717fe5b0752022-01-04 14:22:36.460root 11241100x80000000000000004287447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d3cb4ee1c5073e2022-01-04 14:22:36.460root 11241100x80000000000000004287448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8434562d6aacfa9b2022-01-04 14:22:36.460root 11241100x80000000000000004287449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695af50a2a68539a2022-01-04 14:22:36.460root 11241100x80000000000000004287450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2867f2a5f89677002022-01-04 14:22:36.460root 11241100x80000000000000004287451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cb5356202fba992022-01-04 14:22:36.460root 11241100x80000000000000004287452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d68c94ea39a91f2022-01-04 14:22:36.460root 11241100x80000000000000004287453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ec4ddae94f228d2022-01-04 14:22:36.460root 11241100x80000000000000004287454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6143775d4ca852d72022-01-04 14:22:36.461root 11241100x80000000000000004287455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbec6e01fe230c652022-01-04 14:22:36.461root 11241100x80000000000000004287456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b91c46481ecc352022-01-04 14:22:36.461root 11241100x80000000000000004287457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdc7e914a7b167c2022-01-04 14:22:36.461root 11241100x80000000000000004287458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf12aada2d17efe2022-01-04 14:22:36.461root 11241100x80000000000000004287459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34212c5fb18902792022-01-04 14:22:36.461root 11241100x80000000000000004287460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e61f31b3abec582022-01-04 14:22:36.461root 11241100x80000000000000004287461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75699da46ae36a5e2022-01-04 14:22:36.461root 11241100x80000000000000004287462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b294351c22ec622022-01-04 14:22:36.461root 11241100x80000000000000004287463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d4b4c388f90a912022-01-04 14:22:36.461root 11241100x80000000000000004287464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369db6f4f260167e2022-01-04 14:22:36.461root 11241100x80000000000000004287465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adebc08f1d228722022-01-04 14:22:36.461root 11241100x80000000000000004287466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c9dfb77a27dfde2022-01-04 14:22:36.461root 11241100x80000000000000004287467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65709f20f04b0f02022-01-04 14:22:36.461root 11241100x80000000000000004287468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e054acb721e1ae652022-01-04 14:22:36.461root 11241100x80000000000000004287469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5d8584729ed0fd2022-01-04 14:22:36.462root 11241100x80000000000000004287470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aff5d726baf71e2022-01-04 14:22:36.462root 11241100x80000000000000004287471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a8ffb54af9ee962022-01-04 14:22:36.462root 11241100x80000000000000004287472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14f01a3246f7d082022-01-04 14:22:36.462root 11241100x80000000000000004287473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddb83c70dedff512022-01-04 14:22:36.462root 11241100x80000000000000004287474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18dcc8e235093ec2022-01-04 14:22:36.462root 11241100x80000000000000004287475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a58b7672d86b6572022-01-04 14:22:36.959root 11241100x80000000000000004287476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7babcba830502aa82022-01-04 14:22:36.959root 11241100x80000000000000004287477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefbff453fb193a02022-01-04 14:22:36.959root 11241100x80000000000000004287478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca94a43dc95a33c2022-01-04 14:22:36.959root 11241100x80000000000000004287479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8c34444391353b2022-01-04 14:22:36.959root 11241100x80000000000000004287480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383af2e07468bd082022-01-04 14:22:36.959root 11241100x80000000000000004287481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b8d2b9dc8444dd2022-01-04 14:22:36.959root 11241100x80000000000000004287482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b8b99734b2c0002022-01-04 14:22:36.960root 11241100x80000000000000004287483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3303cf2e27e51832022-01-04 14:22:36.960root 11241100x80000000000000004287484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57113b05b0d7a732022-01-04 14:22:36.960root 11241100x80000000000000004287485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f884dd21a285e72022-01-04 14:22:36.960root 11241100x80000000000000004287486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a451583888ce2c2f2022-01-04 14:22:36.960root 11241100x80000000000000004287487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c6ccd457561c562022-01-04 14:22:36.960root 11241100x80000000000000004287488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e24a446fb16c4e2022-01-04 14:22:36.960root 11241100x80000000000000004287489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fc56e2565578762022-01-04 14:22:36.960root 11241100x80000000000000004287490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67313e4607d30ef2022-01-04 14:22:36.960root 11241100x80000000000000004287491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbc84b7817cf72d2022-01-04 14:22:36.960root 11241100x80000000000000004287492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbd0c72595062db2022-01-04 14:22:36.960root 11241100x80000000000000004287493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f731e31d1df522c2022-01-04 14:22:36.960root 11241100x80000000000000004287494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7c414ef87c19712022-01-04 14:22:36.961root 11241100x80000000000000004287495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6085db758bd663bc2022-01-04 14:22:36.961root 11241100x80000000000000004287496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab2d0bc0d98bc0a2022-01-04 14:22:36.961root 11241100x80000000000000004287497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e8b1638136aaac2022-01-04 14:22:36.961root 11241100x80000000000000004287498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91eacc8d47adbca2022-01-04 14:22:36.961root 11241100x80000000000000004287499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19de11a54f15181e2022-01-04 14:22:36.961root 11241100x80000000000000004287500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3a546bb81ee1cf2022-01-04 14:22:36.961root 11241100x80000000000000004287501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bb9c8aa68e5b612022-01-04 14:22:36.961root 11241100x80000000000000004287502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd926d88397fcccd2022-01-04 14:22:36.961root 11241100x80000000000000004287503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680477e32d6bbfb42022-01-04 14:22:36.961root 11241100x80000000000000004287504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccf9665b3e8be932022-01-04 14:22:36.961root 11241100x80000000000000004287505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b4330d2af287372022-01-04 14:22:36.961root 11241100x80000000000000004287506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3f28ac1d42c1b82022-01-04 14:22:36.962root 11241100x80000000000000004287507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25de0caf13f44ff42022-01-04 14:22:36.962root 11241100x80000000000000004287508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e548372b249ac42022-01-04 14:22:36.962root 11241100x80000000000000004287509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe2f789f94f47082022-01-04 14:22:36.962root 11241100x80000000000000004287510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b14e5ef822c93be2022-01-04 14:22:36.962root 11241100x80000000000000004287511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ececc30dc742d22022-01-04 14:22:36.962root 11241100x80000000000000004287512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bea18e565b77ec42022-01-04 14:22:36.962root 11241100x80000000000000004287513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b0290bf1452b972022-01-04 14:22:36.962root 11241100x80000000000000004287514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ae2116f0a0adb92022-01-04 14:22:36.962root 354300x80000000000000004287515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.071{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41604-false10.0.1.12-8000- 11241100x80000000000000004287516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb785f6d8751dc02022-01-04 14:22:37.460root 11241100x80000000000000004287517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c861bcdbe1269c612022-01-04 14:22:37.460root 11241100x80000000000000004287518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7a648079e6cfdf2022-01-04 14:22:37.460root 11241100x80000000000000004287519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2887f6e60c0524c02022-01-04 14:22:37.460root 11241100x80000000000000004287520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986d2d549be2c8a22022-01-04 14:22:37.461root 11241100x80000000000000004287521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8d3b009ab333942022-01-04 14:22:37.461root 11241100x80000000000000004287522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eff89ce9e1f9e02022-01-04 14:22:37.461root 11241100x80000000000000004287523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a80f578adc6ebe2022-01-04 14:22:37.461root 11241100x80000000000000004287524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbff195200c56712022-01-04 14:22:37.461root 11241100x80000000000000004287525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c5c0eb166f0cfe2022-01-04 14:22:37.461root 11241100x80000000000000004287526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2b67d44ae706c62022-01-04 14:22:37.461root 11241100x80000000000000004287527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84ac185afdcf0922022-01-04 14:22:37.461root 11241100x80000000000000004287528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbec284ca81a3b0d2022-01-04 14:22:37.462root 11241100x80000000000000004287529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39fff53391094742022-01-04 14:22:37.462root 11241100x80000000000000004287530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b9d68c3733f18b2022-01-04 14:22:37.462root 11241100x80000000000000004287531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcea533ba6ec30b2022-01-04 14:22:37.462root 11241100x80000000000000004287532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ed7fd67665ce2c2022-01-04 14:22:37.462root 11241100x80000000000000004287533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05180d1c23c380932022-01-04 14:22:37.462root 11241100x80000000000000004287534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d523cdcafae30a2f2022-01-04 14:22:37.462root 11241100x80000000000000004287535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc78330ed7f5828d2022-01-04 14:22:37.463root 11241100x80000000000000004287536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22df484e8dd379c72022-01-04 14:22:37.463root 11241100x80000000000000004287537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2e7ebf51f458152022-01-04 14:22:37.463root 11241100x80000000000000004287538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344ce4f5fe3320c92022-01-04 14:22:37.463root 11241100x80000000000000004287539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470a40154ede57232022-01-04 14:22:37.463root 11241100x80000000000000004287540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1babe958984efbc2022-01-04 14:22:37.464root 11241100x80000000000000004287541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2763d2e41ec0e1252022-01-04 14:22:37.464root 11241100x80000000000000004287542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec491615d6e0006c2022-01-04 14:22:37.464root 11241100x80000000000000004287543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a139ebdf45ca44c52022-01-04 14:22:37.464root 11241100x80000000000000004287544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c7572d2b649b692022-01-04 14:22:37.464root 11241100x80000000000000004287545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288d7f141466707a2022-01-04 14:22:37.464root 11241100x80000000000000004287546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e98b6870e22eb62022-01-04 14:22:37.465root 11241100x80000000000000004287547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04408fa9b26b1a242022-01-04 14:22:37.465root 11241100x80000000000000004287548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c619ba1dd7ec75b02022-01-04 14:22:37.465root 11241100x80000000000000004287549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325b28e113c605952022-01-04 14:22:37.465root 11241100x80000000000000004287550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696658b8071dbdda2022-01-04 14:22:37.959root 11241100x80000000000000004287551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf9d08cd60c342e2022-01-04 14:22:37.959root 11241100x80000000000000004287552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fdd2b1c65cfdd82022-01-04 14:22:37.959root 11241100x80000000000000004287553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8556ecc9c59c8ce2022-01-04 14:22:37.959root 11241100x80000000000000004287554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d29da7a59ac5a092022-01-04 14:22:37.959root 11241100x80000000000000004287555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaaa8693a9f06fdf2022-01-04 14:22:37.960root 11241100x80000000000000004287556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea64ca3c3172a5f32022-01-04 14:22:37.960root 11241100x80000000000000004287557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7168412b13dc51752022-01-04 14:22:37.960root 11241100x80000000000000004287558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c848745cb469b742022-01-04 14:22:37.960root 11241100x80000000000000004287559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8524852554eb4122022-01-04 14:22:37.960root 11241100x80000000000000004287560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ff8111e0209b892022-01-04 14:22:37.960root 11241100x80000000000000004287561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d133816eb967a7022022-01-04 14:22:37.960root 11241100x80000000000000004287562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd3dd121fd54aee2022-01-04 14:22:37.960root 11241100x80000000000000004287563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0654925ad1eeecdf2022-01-04 14:22:37.960root 11241100x80000000000000004287564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2ca903a4a63ace2022-01-04 14:22:37.960root 11241100x80000000000000004287565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07253948a9d8c6c2022-01-04 14:22:37.960root 11241100x80000000000000004287566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca8938a67ee22c12022-01-04 14:22:37.960root 11241100x80000000000000004287567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc726e765ab6a7d62022-01-04 14:22:37.960root 11241100x80000000000000004287568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0ebe65c658721e2022-01-04 14:22:37.961root 11241100x80000000000000004287569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e96be07ba2fb5f2022-01-04 14:22:37.961root 11241100x80000000000000004287570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d01b9bbfc6623632022-01-04 14:22:37.961root 11241100x80000000000000004287571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f29548fe71381e52022-01-04 14:22:37.961root 11241100x80000000000000004287572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618267076d1c9e452022-01-04 14:22:37.961root 11241100x80000000000000004287573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfeccdaaa5e0a81a2022-01-04 14:22:37.961root 11241100x80000000000000004287574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb5d3123282c6e62022-01-04 14:22:37.961root 11241100x80000000000000004287575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cee8673585580142022-01-04 14:22:37.962root 11241100x80000000000000004287576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fd1c2bf3d296c72022-01-04 14:22:37.962root 11241100x80000000000000004287577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f496bef96b929242022-01-04 14:22:37.962root 11241100x80000000000000004287578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e4e1dd8bf687fd2022-01-04 14:22:37.962root 11241100x80000000000000004287579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7d66e611c383ad2022-01-04 14:22:37.962root 11241100x80000000000000004287580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18effe79505bfedf2022-01-04 14:22:37.963root 11241100x80000000000000004287581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebed10c82b598d62022-01-04 14:22:37.963root 11241100x80000000000000004287582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a723546d8bc3fa5e2022-01-04 14:22:37.963root 11241100x80000000000000004287583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eac0dc68f2f3cb82022-01-04 14:22:37.964root 11241100x80000000000000004287584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c90a09c2fa7e1752022-01-04 14:22:37.964root 11241100x80000000000000004287585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e43a80d19379432022-01-04 14:22:37.964root 11241100x80000000000000004287586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305339d8b12924112022-01-04 14:22:37.964root 11241100x80000000000000004287587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c242fdff3094f8202022-01-04 14:22:37.964root 11241100x80000000000000004287588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5017f5c6708e70592022-01-04 14:22:37.964root 11241100x80000000000000004287589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af046b109cbca7552022-01-04 14:22:37.964root 11241100x80000000000000004287590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9597d3c35436f172022-01-04 14:22:37.965root 11241100x80000000000000004287591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aeab00c04deeca2022-01-04 14:22:37.965root 11241100x80000000000000004287592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:37.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016ade7a7fac45c22022-01-04 14:22:37.965root 11241100x80000000000000004287593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a48d5c1c33695772022-01-04 14:22:38.459root 11241100x80000000000000004287594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9df862b33ca7f82022-01-04 14:22:38.459root 11241100x80000000000000004287595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165719a665387e682022-01-04 14:22:38.459root 11241100x80000000000000004287596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c333f7006e87bbf72022-01-04 14:22:38.459root 11241100x80000000000000004287597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e182d312b06afdec2022-01-04 14:22:38.459root 11241100x80000000000000004287598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4374527bed7f282022-01-04 14:22:38.459root 11241100x80000000000000004287599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90029b6007759772022-01-04 14:22:38.460root 11241100x80000000000000004287600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf299391820221d42022-01-04 14:22:38.460root 11241100x80000000000000004287601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0748e80130a3040a2022-01-04 14:22:38.460root 11241100x80000000000000004287602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0033733adf82ed2a2022-01-04 14:22:38.460root 11241100x80000000000000004287603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2d26006670cc5a2022-01-04 14:22:38.460root 11241100x80000000000000004287604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f17d18bffbd6432022-01-04 14:22:38.460root 11241100x80000000000000004287605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1307a6d4e7dacc02022-01-04 14:22:38.460root 11241100x80000000000000004287606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec04126004e49b392022-01-04 14:22:38.460root 11241100x80000000000000004287607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ed2c7185903e762022-01-04 14:22:38.460root 11241100x80000000000000004287608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17daf2e79d70fea92022-01-04 14:22:38.460root 11241100x80000000000000004287609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fcca2c47712de22022-01-04 14:22:38.460root 11241100x80000000000000004287610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bf7299f2268bb92022-01-04 14:22:38.461root 11241100x80000000000000004287611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a2cd6a32877772022-01-04 14:22:38.461root 11241100x80000000000000004287612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f7e5704892aeeb2022-01-04 14:22:38.461root 11241100x80000000000000004287613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f25423e56196eb2022-01-04 14:22:38.461root 11241100x80000000000000004287614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f68c3fe20cb70432022-01-04 14:22:38.461root 11241100x80000000000000004287615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0827f192cba273f2022-01-04 14:22:38.461root 11241100x80000000000000004287616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f9a01eea8f5a562022-01-04 14:22:38.461root 11241100x80000000000000004287617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960aab68bb05e8c42022-01-04 14:22:38.461root 11241100x80000000000000004287618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2895799a8a30262022-01-04 14:22:38.462root 11241100x80000000000000004287619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631df59be2bec7042022-01-04 14:22:38.462root 11241100x80000000000000004287620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ff9bc6a3e6d53f2022-01-04 14:22:38.462root 11241100x80000000000000004287621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740cd98bc5161a832022-01-04 14:22:38.462root 11241100x80000000000000004287622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fba82e4b716aa22022-01-04 14:22:38.462root 11241100x80000000000000004287623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d908792fc2eb24152022-01-04 14:22:38.462root 11241100x80000000000000004287624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d3b182043817102022-01-04 14:22:38.462root 11241100x80000000000000004287625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbc7084e59b63ee2022-01-04 14:22:38.462root 11241100x80000000000000004287626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6cd5d9ff98a6112022-01-04 14:22:38.462root 11241100x80000000000000004287627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee793e719a06b84e2022-01-04 14:22:38.462root 11241100x80000000000000004287628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b0c3ed766a18362022-01-04 14:22:38.462root 11241100x80000000000000004287629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298f8ab9bb96dacc2022-01-04 14:22:38.463root 11241100x80000000000000004287630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e7f7e5f66ffb4b2022-01-04 14:22:38.463root 11241100x80000000000000004287631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61907d836a91673f2022-01-04 14:22:38.463root 11241100x80000000000000004287632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23804d7892886a372022-01-04 14:22:38.463root 11241100x80000000000000004287633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a020f5502515c3b02022-01-04 14:22:38.463root 11241100x80000000000000004287634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c908c2b99648662022-01-04 14:22:38.463root 11241100x80000000000000004287635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672f64825cd001c2022-01-04 14:22:38.463root 11241100x80000000000000004287636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8844cb401859632022-01-04 14:22:38.463root 11241100x80000000000000004287637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e9d88a9430c4582022-01-04 14:22:38.463root 11241100x80000000000000004287638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb70035238899cb2022-01-04 14:22:38.463root 11241100x80000000000000004287639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97f40e1b92b21f02022-01-04 14:22:38.960root 11241100x80000000000000004287640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8bb42195e62a312022-01-04 14:22:38.960root 11241100x80000000000000004287641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37090a5557a988132022-01-04 14:22:38.960root 11241100x80000000000000004287642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac5836a99d5af472022-01-04 14:22:38.960root 11241100x80000000000000004287643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7910ef7d811260352022-01-04 14:22:38.960root 11241100x80000000000000004287644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f58f2d94de8ff52022-01-04 14:22:38.960root 11241100x80000000000000004287645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae862b7442432cf2022-01-04 14:22:38.960root 11241100x80000000000000004287646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c3cedcf2d4379b2022-01-04 14:22:38.960root 11241100x80000000000000004287647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf0fdd30ee17e652022-01-04 14:22:38.960root 11241100x80000000000000004287648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faee516bcc28b1512022-01-04 14:22:38.960root 11241100x80000000000000004287649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f862297ba3440172022-01-04 14:22:38.961root 11241100x80000000000000004287650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56d27b5da133e8f2022-01-04 14:22:38.961root 11241100x80000000000000004287651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340be565bb49a8792022-01-04 14:22:38.961root 11241100x80000000000000004287652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef92205fdba9d3022022-01-04 14:22:38.961root 11241100x80000000000000004287653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7553ee45e2752342022-01-04 14:22:38.961root 11241100x80000000000000004287654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbdf30a899aa7c52022-01-04 14:22:38.961root 11241100x80000000000000004287655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded2e2e4a3f747152022-01-04 14:22:38.961root 11241100x80000000000000004287656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5876f5fb4f965352022-01-04 14:22:38.961root 11241100x80000000000000004287657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5193fe46a15ee34d2022-01-04 14:22:38.961root 11241100x80000000000000004287658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65133e9929544af52022-01-04 14:22:38.961root 11241100x80000000000000004287659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923a03b81ab43ac32022-01-04 14:22:38.962root 11241100x80000000000000004287660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505951d04d509cc42022-01-04 14:22:38.962root 11241100x80000000000000004287661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971eeb900fbdcf602022-01-04 14:22:38.962root 11241100x80000000000000004287662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99114afb25878e6d2022-01-04 14:22:38.962root 11241100x80000000000000004287663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8958fe5da5e9e22022-01-04 14:22:38.962root 11241100x80000000000000004287664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7dd78fa698fd352022-01-04 14:22:38.962root 11241100x80000000000000004287665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91cbcf63cf402e72022-01-04 14:22:38.962root 11241100x80000000000000004287666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b7c2502721960d2022-01-04 14:22:38.962root 11241100x80000000000000004287667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e42f8431a556832022-01-04 14:22:38.962root 11241100x80000000000000004287668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba224f3a424d4f8c2022-01-04 14:22:38.962root 11241100x80000000000000004287669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa62696f78dacc1b2022-01-04 14:22:38.963root 11241100x80000000000000004287670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f0b3b15054761c2022-01-04 14:22:38.963root 11241100x80000000000000004287671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dd05e2d973b0042022-01-04 14:22:38.963root 11241100x80000000000000004287672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b012b51a17f089b2022-01-04 14:22:38.963root 11241100x80000000000000004287673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331bd1f0f17b73b42022-01-04 14:22:38.963root 11241100x80000000000000004287674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4742c0eacb7e25412022-01-04 14:22:39.459root 11241100x80000000000000004287675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e433fe42f4f39eb2022-01-04 14:22:39.459root 11241100x80000000000000004287676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5907b0ef587abb662022-01-04 14:22:39.459root 11241100x80000000000000004287677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efa904b59eca4b2022-01-04 14:22:39.459root 11241100x80000000000000004287678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9955ae3bda0159be2022-01-04 14:22:39.459root 11241100x80000000000000004287679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cf1791d17aaf802022-01-04 14:22:39.459root 11241100x80000000000000004287680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdc31ba9a1544052022-01-04 14:22:39.460root 11241100x80000000000000004287681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd51e1d357b464212022-01-04 14:22:39.460root 11241100x80000000000000004287682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f476f6c9e0956d32022-01-04 14:22:39.460root 11241100x80000000000000004287683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb708635a46be8a2022-01-04 14:22:39.460root 11241100x80000000000000004287684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc014dfa73eabb52022-01-04 14:22:39.460root 11241100x80000000000000004287685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c18015b8f0e7ce2022-01-04 14:22:39.460root 11241100x80000000000000004287686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2892e38f81e42ab52022-01-04 14:22:39.460root 11241100x80000000000000004287687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb3796fb1ea129a2022-01-04 14:22:39.460root 11241100x80000000000000004287688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a2c3c0ed975a942022-01-04 14:22:39.461root 11241100x80000000000000004287689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87b5727f9047f502022-01-04 14:22:39.461root 11241100x80000000000000004287690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78338bfab38de3742022-01-04 14:22:39.461root 11241100x80000000000000004287691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59365365a0351e5e2022-01-04 14:22:39.461root 11241100x80000000000000004287692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47df876b1a47e622022-01-04 14:22:39.461root 11241100x80000000000000004287693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4041451f4100936e2022-01-04 14:22:39.461root 11241100x80000000000000004287694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffc331ab49966912022-01-04 14:22:39.461root 11241100x80000000000000004287695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234d3e92b4ad536d2022-01-04 14:22:39.461root 11241100x80000000000000004287696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffc8e4fef90f07c2022-01-04 14:22:39.461root 11241100x80000000000000004287697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a51e59245862602022-01-04 14:22:39.462root 11241100x80000000000000004287698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2753802b84c24222022-01-04 14:22:39.462root 11241100x80000000000000004287699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ea34b41cc9a4642022-01-04 14:22:39.462root 11241100x80000000000000004287700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0d3fc49b8f99642022-01-04 14:22:39.465root 11241100x80000000000000004287701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9d3107e00ce6902022-01-04 14:22:39.465root 11241100x80000000000000004287702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b060ab3f8d65052022-01-04 14:22:39.465root 11241100x80000000000000004287703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ac2e9b6d8068352022-01-04 14:22:39.465root 11241100x80000000000000004287704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357f88b0ae7cd7f52022-01-04 14:22:39.465root 11241100x80000000000000004287705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c693798b620333422022-01-04 14:22:39.466root 11241100x80000000000000004287706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ec569cd4e2d62c2022-01-04 14:22:39.466root 11241100x80000000000000004287707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648c8a208de2c5ad2022-01-04 14:22:39.466root 11241100x80000000000000004287708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c870e2f39c18a1a92022-01-04 14:22:39.466root 11241100x80000000000000004287709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ba13be60bb17952022-01-04 14:22:39.466root 11241100x80000000000000004287710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141da6a08db13b9b2022-01-04 14:22:39.466root 11241100x80000000000000004287711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdd4e885d6d9bd82022-01-04 14:22:39.466root 11241100x80000000000000004287712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2279abe43b09859c2022-01-04 14:22:39.466root 11241100x80000000000000004287713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c7c323fbcf74492022-01-04 14:22:39.960root 11241100x80000000000000004287714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9864d5ff07bb4bf62022-01-04 14:22:39.960root 11241100x80000000000000004287715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c5b529f5e502dd2022-01-04 14:22:39.960root 11241100x80000000000000004287716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd58ae5ba17f562022-01-04 14:22:39.960root 11241100x80000000000000004287717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c66a9803fb011e32022-01-04 14:22:39.960root 11241100x80000000000000004287718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd7931134c7275b2022-01-04 14:22:39.960root 11241100x80000000000000004287719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0426f2fee31dd3832022-01-04 14:22:39.960root 11241100x80000000000000004287720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820cc4df59f154102022-01-04 14:22:39.960root 11241100x80000000000000004287721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e361e88af6b814b2022-01-04 14:22:39.960root 11241100x80000000000000004287722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c9e9abf5d03e772022-01-04 14:22:39.961root 11241100x80000000000000004287723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517d269a3da0ef4a2022-01-04 14:22:39.961root 11241100x80000000000000004287724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8080f421c5fec932022-01-04 14:22:39.961root 11241100x80000000000000004287725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f98e20721dfa202022-01-04 14:22:39.961root 11241100x80000000000000004287726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cf04bb0b8b03d82022-01-04 14:22:39.961root 11241100x80000000000000004287727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469e36190af1c2972022-01-04 14:22:39.961root 11241100x80000000000000004287728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e378b7a1ca10c92022-01-04 14:22:39.961root 11241100x80000000000000004287729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa22efc7be319c92022-01-04 14:22:39.961root 11241100x80000000000000004287730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9324784a43de18102022-01-04 14:22:39.961root 11241100x80000000000000004287731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba8d6b6dd1d34e92022-01-04 14:22:39.962root 11241100x80000000000000004287732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1474669f470b59fe2022-01-04 14:22:39.962root 11241100x80000000000000004287733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda28c20d8edad3a2022-01-04 14:22:39.962root 11241100x80000000000000004287734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacda2e8a8744bf22022-01-04 14:22:39.962root 11241100x80000000000000004287735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14333babec3b03302022-01-04 14:22:39.962root 11241100x80000000000000004287736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4c6ea0d49b725d2022-01-04 14:22:39.962root 11241100x80000000000000004287737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce274a09db229ad2022-01-04 14:22:39.962root 11241100x80000000000000004287738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb92b4fa2184642022-01-04 14:22:39.962root 11241100x80000000000000004287739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00b7298fd66e7d52022-01-04 14:22:39.963root 11241100x80000000000000004287740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7051194e0b4cdc972022-01-04 14:22:39.963root 11241100x80000000000000004287741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8f2ba8eaaea8bb2022-01-04 14:22:39.963root 11241100x80000000000000004287742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7ec9a8cc8989ff2022-01-04 14:22:39.963root 11241100x80000000000000004287743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3739ded4dbf3bd2022-01-04 14:22:39.963root 11241100x80000000000000004287744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51d5042e583a86e2022-01-04 14:22:39.963root 11241100x80000000000000004287745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086f2790a944b8b32022-01-04 14:22:39.963root 11241100x80000000000000004287746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:39.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498767ea299baf2a2022-01-04 14:22:39.963root 11241100x80000000000000004287747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2909d39909ed6de2022-01-04 14:22:40.459root 11241100x80000000000000004287748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fff5e09fe10e882022-01-04 14:22:40.459root 11241100x80000000000000004287749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11ec44c3a56d1592022-01-04 14:22:40.460root 11241100x80000000000000004287750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef1d8aeb13992b12022-01-04 14:22:40.460root 11241100x80000000000000004287751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2857079fbab914412022-01-04 14:22:40.460root 11241100x80000000000000004287752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aedca9f4e3c7402022-01-04 14:22:40.460root 11241100x80000000000000004287753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4238693b512f67f42022-01-04 14:22:40.460root 11241100x80000000000000004287754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f182295a32893f522022-01-04 14:22:40.460root 11241100x80000000000000004287755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a93f351b1375df52022-01-04 14:22:40.460root 11241100x80000000000000004287756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdad348317802912022-01-04 14:22:40.461root 11241100x80000000000000004287757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7deb05f0c97e8cd2022-01-04 14:22:40.461root 11241100x80000000000000004287758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83383e3ca73d9c92022-01-04 14:22:40.461root 11241100x80000000000000004287759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65acd800bdbda46e2022-01-04 14:22:40.461root 11241100x80000000000000004287760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc22b622ec462d412022-01-04 14:22:40.461root 11241100x80000000000000004287761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e566a3f265bcff2022-01-04 14:22:40.461root 11241100x80000000000000004287762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a522749176cf8cb72022-01-04 14:22:40.461root 11241100x80000000000000004287763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b21b8a5847e1732022-01-04 14:22:40.461root 11241100x80000000000000004287764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8414eac6d3e3b84f2022-01-04 14:22:40.461root 11241100x80000000000000004287765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ec1f316400aa072022-01-04 14:22:40.462root 11241100x80000000000000004287766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c543090ab14b0aa82022-01-04 14:22:40.462root 11241100x80000000000000004287767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3966a76059e44cd2022-01-04 14:22:40.462root 11241100x80000000000000004287768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bcdf2338e8717c2022-01-04 14:22:40.462root 11241100x80000000000000004287769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef46ee4fa2625532022-01-04 14:22:40.462root 11241100x80000000000000004287770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1a4c66bc0102c82022-01-04 14:22:40.463root 11241100x80000000000000004287771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ae27649ecf9df52022-01-04 14:22:40.463root 11241100x80000000000000004287772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e152116cdbcb8192022-01-04 14:22:40.463root 11241100x80000000000000004287773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38250580b9b920bc2022-01-04 14:22:40.463root 11241100x80000000000000004287774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45953ca6b043c8432022-01-04 14:22:40.463root 11241100x80000000000000004287775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381e295f4127acdd2022-01-04 14:22:40.463root 11241100x80000000000000004287776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd36e6e9e3098ab2022-01-04 14:22:40.464root 11241100x80000000000000004287777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318eef712a1addb72022-01-04 14:22:40.464root 11241100x80000000000000004287778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641a2abf90335bf62022-01-04 14:22:40.464root 11241100x80000000000000004287779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425cc79e8291936b2022-01-04 14:22:40.464root 11241100x80000000000000004287780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d6dd5e145408ce2022-01-04 14:22:40.464root 11241100x80000000000000004287781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbd677fa66ceb122022-01-04 14:22:40.464root 11241100x80000000000000004287782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f7712a210f0f122022-01-04 14:22:40.960root 11241100x80000000000000004287783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a13b041fb0e182022-01-04 14:22:40.960root 11241100x80000000000000004287784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d7f6187cdbd9d12022-01-04 14:22:40.960root 11241100x80000000000000004287785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc77d52e4f264dc72022-01-04 14:22:40.960root 11241100x80000000000000004287786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7453f78870496cbc2022-01-04 14:22:40.961root 11241100x80000000000000004287787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1acf3c7558f3fe2022-01-04 14:22:40.961root 11241100x80000000000000004287788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20b8da60cb9f4b72022-01-04 14:22:40.961root 11241100x80000000000000004287789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e606124ff9807592022-01-04 14:22:40.961root 11241100x80000000000000004287790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4417d1b24b9b3ec52022-01-04 14:22:40.961root 11241100x80000000000000004287791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06d24744b52ecb32022-01-04 14:22:40.962root 11241100x80000000000000004287792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d67c40a88067f92022-01-04 14:22:40.962root 11241100x80000000000000004287793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb59d69b96b0aee2022-01-04 14:22:40.962root 11241100x80000000000000004287794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56e9c2e96172f112022-01-04 14:22:40.962root 11241100x80000000000000004287795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5472917fe06c0b0c2022-01-04 14:22:40.962root 11241100x80000000000000004287796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc065761506b44532022-01-04 14:22:40.962root 11241100x80000000000000004287797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc056e5dce002742022-01-04 14:22:40.962root 11241100x80000000000000004287798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f976a2b554df07332022-01-04 14:22:40.962root 11241100x80000000000000004287799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711d902db4100dde2022-01-04 14:22:40.962root 11241100x80000000000000004287800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c58d2cb7a293ba2022-01-04 14:22:40.962root 11241100x80000000000000004287801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409b61b2920da8962022-01-04 14:22:40.963root 11241100x80000000000000004287802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d33477e2480e5642022-01-04 14:22:40.963root 11241100x80000000000000004287803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc54fd816cc1bfb2022-01-04 14:22:40.963root 11241100x80000000000000004287804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13fdd1c818bb3302022-01-04 14:22:40.963root 11241100x80000000000000004287805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9939bc29531d90ef2022-01-04 14:22:40.963root 11241100x80000000000000004287806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6739120db0eaa052022-01-04 14:22:40.963root 11241100x80000000000000004287807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cce5f794137fe92022-01-04 14:22:40.963root 11241100x80000000000000004287808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3698beee0c55c1962022-01-04 14:22:40.963root 11241100x80000000000000004287809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad97b8760bbb72b32022-01-04 14:22:40.963root 11241100x80000000000000004287810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1ace8cc74d7352022-01-04 14:22:40.963root 11241100x80000000000000004287811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86fd249991e740a2022-01-04 14:22:40.963root 11241100x80000000000000004287812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee46a00ded1fd1b62022-01-04 14:22:40.964root 11241100x80000000000000004287813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1404395373c01b2022-01-04 14:22:40.964root 11241100x80000000000000004287814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ce78c907b924ae2022-01-04 14:22:40.964root 11241100x80000000000000004287815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0969c843d472b852022-01-04 14:22:40.964root 11241100x80000000000000004287816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:40.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af97f9a55d9224b52022-01-04 14:22:40.964root 11241100x80000000000000004287817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6310b8b9f6d16262022-01-04 14:22:41.460root 11241100x80000000000000004287818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64123bb67bd087d2022-01-04 14:22:41.460root 11241100x80000000000000004287819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d08c71331c096212022-01-04 14:22:41.461root 11241100x80000000000000004287820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db692cd0c57ce5372022-01-04 14:22:41.461root 11241100x80000000000000004287821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9081b2652b2c2622022-01-04 14:22:41.461root 11241100x80000000000000004287822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3227cf777cb95be2022-01-04 14:22:41.461root 11241100x80000000000000004287823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412d8ed1e6e3b62a2022-01-04 14:22:41.461root 11241100x80000000000000004287824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58a62d8ebd59c6d2022-01-04 14:22:41.461root 11241100x80000000000000004287825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718e7e7a8c9e299f2022-01-04 14:22:41.461root 11241100x80000000000000004287826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739bb48662a7dcea2022-01-04 14:22:41.462root 11241100x80000000000000004287827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad533cab94830a892022-01-04 14:22:41.462root 11241100x80000000000000004287828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3685f2805d427b2022-01-04 14:22:41.462root 11241100x80000000000000004287829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baf6c3756b4059a2022-01-04 14:22:41.462root 11241100x80000000000000004287830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378c52c0718a974d2022-01-04 14:22:41.462root 11241100x80000000000000004287831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dc0cf93d8da5742022-01-04 14:22:41.462root 11241100x80000000000000004287832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab13b199f59312b2022-01-04 14:22:41.462root 11241100x80000000000000004287833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbc0a69b88edc732022-01-04 14:22:41.462root 11241100x80000000000000004287834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1adaf7e6102dd672022-01-04 14:22:41.462root 11241100x80000000000000004287835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8030b6c320bbc7d92022-01-04 14:22:41.462root 11241100x80000000000000004287836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d2e03c03e804762022-01-04 14:22:41.463root 11241100x80000000000000004287837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d41b1177e9a0632022-01-04 14:22:41.463root 11241100x80000000000000004287838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d036c9984b8cfe2022-01-04 14:22:41.463root 11241100x80000000000000004287839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77aa241be4abe8a2022-01-04 14:22:41.463root 11241100x80000000000000004287840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8885f07d32a668732022-01-04 14:22:41.463root 11241100x80000000000000004287841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2df995dc0cca9ce2022-01-04 14:22:41.463root 11241100x80000000000000004287842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5325540e618b8edb2022-01-04 14:22:41.464root 11241100x80000000000000004287843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bada0b6ff6f3d0a42022-01-04 14:22:41.464root 11241100x80000000000000004287844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f62b50d82b4ca32022-01-04 14:22:41.464root 11241100x80000000000000004287845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff75c24bfe1642c2022-01-04 14:22:41.464root 11241100x80000000000000004287846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282c1fdd5a7bbf612022-01-04 14:22:41.464root 11241100x80000000000000004287847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c3f65431dda1e32022-01-04 14:22:41.464root 11241100x80000000000000004287848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5beac6da5ebded5f2022-01-04 14:22:41.464root 11241100x80000000000000004287849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baf1ded1449f7452022-01-04 14:22:41.465root 11241100x80000000000000004287850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bcc76f7f8292672022-01-04 14:22:41.465root 11241100x80000000000000004287851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2900827d148547f92022-01-04 14:22:41.959root 11241100x80000000000000004287852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994f785861d43f8f2022-01-04 14:22:41.959root 11241100x80000000000000004287853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07f3a7f8844c6712022-01-04 14:22:41.959root 11241100x80000000000000004287854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3117791f96b70b62022-01-04 14:22:41.959root 11241100x80000000000000004287855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252ee9086f9ee7912022-01-04 14:22:41.959root 11241100x80000000000000004287856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acee66dc833c4d1e2022-01-04 14:22:41.960root 11241100x80000000000000004287857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150786e786be27162022-01-04 14:22:41.960root 11241100x80000000000000004287858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cc64c55ac689a72022-01-04 14:22:41.960root 11241100x80000000000000004287859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5eb5846d80b7a82022-01-04 14:22:41.960root 11241100x80000000000000004287860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23d21ab7acf3a0b2022-01-04 14:22:41.960root 11241100x80000000000000004287861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dc30c721d725c92022-01-04 14:22:41.960root 11241100x80000000000000004287862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b6f0ed24a21b632022-01-04 14:22:41.960root 11241100x80000000000000004287863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd616686871aee62022-01-04 14:22:41.961root 11241100x80000000000000004287864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa495c6b17cbf292022-01-04 14:22:41.961root 11241100x80000000000000004287865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2ad2104d4b1bf72022-01-04 14:22:41.961root 11241100x80000000000000004287866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d70d7a1f203d71f2022-01-04 14:22:41.961root 11241100x80000000000000004287867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2230d4308b615552022-01-04 14:22:41.962root 11241100x80000000000000004287868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0a179d27ca362f2022-01-04 14:22:41.962root 11241100x80000000000000004287869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8d7753121a9f602022-01-04 14:22:41.962root 11241100x80000000000000004287870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e8b992827c0d792022-01-04 14:22:41.962root 11241100x80000000000000004287871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a9937f69d691832022-01-04 14:22:41.962root 11241100x80000000000000004287872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f35fc5818ca9c72022-01-04 14:22:41.963root 11241100x80000000000000004287873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8e5174d20b16602022-01-04 14:22:41.963root 11241100x80000000000000004287874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef05477a89fe4d462022-01-04 14:22:41.963root 11241100x80000000000000004287875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329b850a6af984fd2022-01-04 14:22:41.963root 11241100x80000000000000004287876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2b099bec895ca12022-01-04 14:22:41.963root 11241100x80000000000000004287877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a15a904fa2351ea2022-01-04 14:22:41.964root 11241100x80000000000000004287878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394f0f69cb20caef2022-01-04 14:22:41.964root 11241100x80000000000000004287879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda8fbba4cb8e3dd2022-01-04 14:22:41.964root 11241100x80000000000000004287880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23d529c087eb7012022-01-04 14:22:41.964root 11241100x80000000000000004287881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004fb3360efb2c752022-01-04 14:22:41.964root 11241100x80000000000000004287882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e1aae8fc09712b2022-01-04 14:22:41.964root 11241100x80000000000000004287883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644acfde07864afa2022-01-04 14:22:41.964root 11241100x80000000000000004287884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f353afc495a5af2022-01-04 14:22:41.964root 11241100x80000000000000004287885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80ae91a4f2ca8a12022-01-04 14:22:41.964root 11241100x80000000000000004287886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c69bcf3321c5322022-01-04 14:22:41.965root 11241100x80000000000000004287887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a210dfeb26250f562022-01-04 14:22:41.965root 11241100x80000000000000004287888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f03b5c25407a732022-01-04 14:22:41.965root 11241100x80000000000000004287889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9ff5969eecf0c42022-01-04 14:22:41.965root 11241100x80000000000000004287890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1d2667e023fd992022-01-04 14:22:41.965root 11241100x80000000000000004287891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f980f92616124d2022-01-04 14:22:41.965root 11241100x80000000000000004287892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:41.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d553a0021f77cc2022-01-04 14:22:41.965root 354300x80000000000000004287893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.085{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41606-false10.0.1.12-8000- 11241100x80000000000000004287894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772b5e3fa743c06f2022-01-04 14:22:42.459root 11241100x80000000000000004287895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428628f905b75f462022-01-04 14:22:42.459root 11241100x80000000000000004287896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325ca71de9f6b8652022-01-04 14:22:42.459root 11241100x80000000000000004287897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a715485bd5d9722022-01-04 14:22:42.459root 11241100x80000000000000004287898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd231dbd693540272022-01-04 14:22:42.459root 11241100x80000000000000004287899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e37db4af66d34c02022-01-04 14:22:42.459root 11241100x80000000000000004287900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752857f20b640df02022-01-04 14:22:42.460root 11241100x80000000000000004287901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecc5d4798d53d4c2022-01-04 14:22:42.460root 11241100x80000000000000004287902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b48c9aa81aaa8a2022-01-04 14:22:42.460root 11241100x80000000000000004287903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a92870fb0386372022-01-04 14:22:42.460root 11241100x80000000000000004287904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47e827aa736a2642022-01-04 14:22:42.460root 11241100x80000000000000004287905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b82b4d24f4e7d112022-01-04 14:22:42.460root 11241100x80000000000000004287906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e945d8063dfcad1b2022-01-04 14:22:42.460root 11241100x80000000000000004287907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4488c29482b40e942022-01-04 14:22:42.460root 11241100x80000000000000004287908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16052f6212004f272022-01-04 14:22:42.460root 11241100x80000000000000004287909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a561d1dc2a6ca282022-01-04 14:22:42.461root 11241100x80000000000000004287910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7ab9658ea1e66c2022-01-04 14:22:42.461root 11241100x80000000000000004287911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4547833111dc22d72022-01-04 14:22:42.461root 11241100x80000000000000004287912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68930779e40c295f2022-01-04 14:22:42.461root 11241100x80000000000000004287913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3df885ab77c9232022-01-04 14:22:42.461root 11241100x80000000000000004287914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36720e5fd62bde3b2022-01-04 14:22:42.461root 11241100x80000000000000004287915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a59161fc87bf9582022-01-04 14:22:42.461root 11241100x80000000000000004287916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dff517d59c7c922022-01-04 14:22:42.462root 11241100x80000000000000004287917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0e7be2dfc7a08a2022-01-04 14:22:42.462root 11241100x80000000000000004287918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc532bde9a4d4fa2022-01-04 14:22:42.462root 11241100x80000000000000004287919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948ddcecbb832a4a2022-01-04 14:22:42.462root 11241100x80000000000000004287920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a6b1437dfccbd42022-01-04 14:22:42.462root 11241100x80000000000000004287921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af4bf184079be652022-01-04 14:22:42.462root 11241100x80000000000000004287922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dca53702ed19f972022-01-04 14:22:42.462root 11241100x80000000000000004287923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64b489f0f0109db2022-01-04 14:22:42.462root 11241100x80000000000000004287924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363dd821f459484b2022-01-04 14:22:42.462root 11241100x80000000000000004287925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007e904695dfb5d82022-01-04 14:22:42.463root 11241100x80000000000000004287926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e251ffd63392c71d2022-01-04 14:22:42.464root 11241100x80000000000000004287927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079c87e0b76c723d2022-01-04 14:22:42.465root 11241100x80000000000000004287928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd2ea16d80d96b92022-01-04 14:22:42.465root 11241100x80000000000000004287929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b2f874ffc39ba32022-01-04 14:22:42.465root 11241100x80000000000000004287930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff54af6d10d82c832022-01-04 14:22:42.465root 11241100x80000000000000004287931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339c4d29e38fb89d2022-01-04 14:22:42.465root 11241100x80000000000000004287932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f1f686c75d941e2022-01-04 14:22:42.465root 11241100x80000000000000004287933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f604585e47e63a1f2022-01-04 14:22:42.465root 11241100x80000000000000004287934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623c05b2259cf1cb2022-01-04 14:22:42.465root 11241100x80000000000000004287935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b520fc14b33b0242022-01-04 14:22:42.466root 11241100x80000000000000004287936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe086768a4a82b32022-01-04 14:22:42.466root 11241100x80000000000000004287937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07905a99971b87aa2022-01-04 14:22:42.466root 11241100x80000000000000004287938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c2ea51e2bd54112022-01-04 14:22:42.466root 11241100x80000000000000004287939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0df9be8d8473d32022-01-04 14:22:42.960root 11241100x80000000000000004287940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fdf2094bd64a5d2022-01-04 14:22:42.960root 11241100x80000000000000004287941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9636da3702b46272022-01-04 14:22:42.960root 11241100x80000000000000004287942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff25683c426fdbb92022-01-04 14:22:42.960root 11241100x80000000000000004287943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b715cb6a559d5e2022-01-04 14:22:42.960root 11241100x80000000000000004287944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43f09e71ea6081e2022-01-04 14:22:42.960root 11241100x80000000000000004287945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b330db559217712022-01-04 14:22:42.960root 11241100x80000000000000004287946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1091532e12aa67a22022-01-04 14:22:42.960root 11241100x80000000000000004287947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a35424c7556a822022-01-04 14:22:42.961root 11241100x80000000000000004287948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa85f2d6d18ccbde2022-01-04 14:22:42.961root 11241100x80000000000000004287949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8fc8a9f29eba662022-01-04 14:22:42.961root 11241100x80000000000000004287950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6073bad7aa74782022-01-04 14:22:42.961root 11241100x80000000000000004287951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8cee76a96275572022-01-04 14:22:42.961root 11241100x80000000000000004287952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cbfcbd7ea0e8562022-01-04 14:22:42.961root 11241100x80000000000000004287953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9423814ef2b43af12022-01-04 14:22:42.961root 11241100x80000000000000004287954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c380542978926ac42022-01-04 14:22:42.961root 11241100x80000000000000004287955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b62b9299d7d8fa2022-01-04 14:22:42.961root 11241100x80000000000000004287956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec2a2c751ec003b2022-01-04 14:22:42.962root 11241100x80000000000000004287957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52881eef10afc602022-01-04 14:22:42.962root 11241100x80000000000000004287958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcb244f0a47110b2022-01-04 14:22:42.962root 11241100x80000000000000004287959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ac8cce1aad119f2022-01-04 14:22:42.962root 11241100x80000000000000004287960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487f5f65c53fa8042022-01-04 14:22:42.962root 11241100x80000000000000004287961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef572366d5aaf6812022-01-04 14:22:42.962root 11241100x80000000000000004287962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcc27eee69328112022-01-04 14:22:42.962root 11241100x80000000000000004287963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2f977e5bf619b52022-01-04 14:22:42.962root 11241100x80000000000000004287964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2192b783d437b92022-01-04 14:22:42.962root 11241100x80000000000000004287965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b845c4795ca625b02022-01-04 14:22:42.962root 11241100x80000000000000004287966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00141aaa3269f63e2022-01-04 14:22:42.962root 11241100x80000000000000004287967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9e7ce2f739dba32022-01-04 14:22:42.963root 11241100x80000000000000004287968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9545243f9de07f2022-01-04 14:22:42.963root 11241100x80000000000000004287969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4079f268f8b6c82022-01-04 14:22:42.963root 11241100x80000000000000004287970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9d3b81ec959f6a2022-01-04 14:22:42.963root 11241100x80000000000000004287971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a38fd26d4b310ee2022-01-04 14:22:42.963root 11241100x80000000000000004287972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38bc180f61a2e9d2022-01-04 14:22:42.963root 11241100x80000000000000004287973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:42.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e081612d91e09a12022-01-04 14:22:42.963root 11241100x80000000000000004287974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5c66c3bbeb50e12022-01-04 14:22:43.459root 11241100x80000000000000004287975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d624eaf7a275162022-01-04 14:22:43.459root 11241100x80000000000000004287976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0ed381dba4769a2022-01-04 14:22:43.459root 11241100x80000000000000004287977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45094088171018522022-01-04 14:22:43.459root 11241100x80000000000000004287978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7253a732d3718c362022-01-04 14:22:43.459root 11241100x80000000000000004287979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4e355f55f864b72022-01-04 14:22:43.460root 11241100x80000000000000004287980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3171abbb7d24a62022-01-04 14:22:43.460root 11241100x80000000000000004287981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27e68ce87ef4cd62022-01-04 14:22:43.460root 11241100x80000000000000004287982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db420f5b73460ae2022-01-04 14:22:43.460root 11241100x80000000000000004287983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edeb816050c299112022-01-04 14:22:43.460root 11241100x80000000000000004287984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc60d50970989a8c2022-01-04 14:22:43.460root 11241100x80000000000000004287985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f980b5a1bc1ed4222022-01-04 14:22:43.460root 11241100x80000000000000004287986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e32dd4bcf209902022-01-04 14:22:43.460root 11241100x80000000000000004287987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b948cb69ace2422022-01-04 14:22:43.461root 11241100x80000000000000004287988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb6a44148db469b2022-01-04 14:22:43.461root 11241100x80000000000000004287989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a75a18ea58ffe2022-01-04 14:22:43.461root 11241100x80000000000000004287990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619c6024892a6f362022-01-04 14:22:43.461root 11241100x80000000000000004287991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bcfad37edcce542022-01-04 14:22:43.461root 11241100x80000000000000004287992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58148178bc9ac9a42022-01-04 14:22:43.461root 11241100x80000000000000004287993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5153040683ddbf2022-01-04 14:22:43.461root 11241100x80000000000000004287994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7741708bb301292022-01-04 14:22:43.462root 11241100x80000000000000004287995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eeb55696ab7185a2022-01-04 14:22:43.462root 11241100x80000000000000004287996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87feed2c912b690c2022-01-04 14:22:43.462root 11241100x80000000000000004287997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522eeac62200f8ec2022-01-04 14:22:43.462root 11241100x80000000000000004287998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bd2f544d0a3a302022-01-04 14:22:43.462root 11241100x80000000000000004287999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd07de4d9fc50fa2022-01-04 14:22:43.462root 11241100x80000000000000004288000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02270548b2965f22022-01-04 14:22:43.462root 11241100x80000000000000004288001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fd91b46a2799bc2022-01-04 14:22:43.462root 11241100x80000000000000004288002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224693f2e2303cc42022-01-04 14:22:43.462root 11241100x80000000000000004288003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df80db760612c90a2022-01-04 14:22:43.463root 11241100x80000000000000004288004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64800cde121fa7582022-01-04 14:22:43.463root 11241100x80000000000000004288005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17dbe991467c5bb2022-01-04 14:22:43.463root 11241100x80000000000000004288006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6e4a93b59a64792022-01-04 14:22:43.463root 11241100x80000000000000004288007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51bf2eaff995bfb2022-01-04 14:22:43.463root 11241100x80000000000000004288008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cc7a2bb432a4b32022-01-04 14:22:43.463root 11241100x80000000000000004288009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5061906648774f62022-01-04 14:22:43.463root 11241100x80000000000000004288010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14bf672e815ec8d2022-01-04 14:22:43.464root 11241100x80000000000000004288011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd83d82563bbb1752022-01-04 14:22:43.464root 11241100x80000000000000004288012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33ead2d0229cb112022-01-04 14:22:43.464root 11241100x80000000000000004288013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d556fd1f23819d2022-01-04 14:22:43.464root 11241100x80000000000000004288014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e07a2a0cb1ccf82022-01-04 14:22:43.959root 11241100x80000000000000004288015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b0559eaecd70aa2022-01-04 14:22:43.960root 11241100x80000000000000004288016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bb9b00c87ad61d2022-01-04 14:22:43.960root 11241100x80000000000000004288017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa66955f204ea9ee2022-01-04 14:22:43.960root 11241100x80000000000000004288018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734e6eb488b2142a2022-01-04 14:22:43.960root 11241100x80000000000000004288019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f01165d519551e2022-01-04 14:22:43.960root 11241100x80000000000000004288020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b435f1fcf3893c62022-01-04 14:22:43.960root 11241100x80000000000000004288021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b07279069cdc8c82022-01-04 14:22:43.960root 11241100x80000000000000004288022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35de2d1cfb2827252022-01-04 14:22:43.961root 11241100x80000000000000004288023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87714da3abaa00412022-01-04 14:22:43.961root 11241100x80000000000000004288024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931b573ed35a75212022-01-04 14:22:43.961root 11241100x80000000000000004288025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed457738200497602022-01-04 14:22:43.961root 11241100x80000000000000004288026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a4eb08848c49492022-01-04 14:22:43.961root 11241100x80000000000000004288027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4db4ffce6817c42022-01-04 14:22:43.961root 11241100x80000000000000004288028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c636bca45f728e2022-01-04 14:22:43.961root 11241100x80000000000000004288029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31e7a2bffa4fe502022-01-04 14:22:43.961root 11241100x80000000000000004288030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e916b5c8c2eb2b2022-01-04 14:22:43.961root 11241100x80000000000000004288031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8953430145d986b2022-01-04 14:22:43.962root 11241100x80000000000000004288032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff309cbce3147e982022-01-04 14:22:43.962root 11241100x80000000000000004288033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d827cb4fa3b1e02022-01-04 14:22:43.962root 11241100x80000000000000004288034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c4cc6bb16a6ee32022-01-04 14:22:43.962root 11241100x80000000000000004288035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e501a342268e0b52022-01-04 14:22:43.962root 11241100x80000000000000004288036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14f7120d386f4a82022-01-04 14:22:43.962root 11241100x80000000000000004288037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da519e1fb1fd752b2022-01-04 14:22:43.962root 11241100x80000000000000004288038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6ab785e2fc0c102022-01-04 14:22:43.962root 11241100x80000000000000004288039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee72958e16753f92022-01-04 14:22:43.962root 11241100x80000000000000004288040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab9672597d4504a2022-01-04 14:22:43.963root 11241100x80000000000000004288041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9bceecf0e15ecc2022-01-04 14:22:43.963root 11241100x80000000000000004288042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf6cc1a6cf9b5cd2022-01-04 14:22:43.963root 11241100x80000000000000004288043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be6a6953270636e2022-01-04 14:22:43.963root 11241100x80000000000000004288044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba1ed7f66ea6f652022-01-04 14:22:43.963root 11241100x80000000000000004288045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b36891e5379b47a2022-01-04 14:22:43.963root 11241100x80000000000000004288046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f9ca1083f8a9af2022-01-04 14:22:43.966root 11241100x80000000000000004288047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01ecb86096762952022-01-04 14:22:43.966root 11241100x80000000000000004288048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a59c67e16242312022-01-04 14:22:43.967root 11241100x80000000000000004288049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0de1df0e58062f2022-01-04 14:22:43.967root 11241100x80000000000000004288050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7230bca9d833972022-01-04 14:22:43.967root 11241100x80000000000000004288051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c5264ed72ec6802022-01-04 14:22:43.967root 11241100x80000000000000004288052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e449f36b5539f0ad2022-01-04 14:22:43.967root 11241100x80000000000000004288053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54f2d322161c9372022-01-04 14:22:43.967root 11241100x80000000000000004288054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:43.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25c00298faf29bc2022-01-04 14:22:43.967root 11241100x80000000000000004288055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d65832236ccf8a22022-01-04 14:22:44.460root 11241100x80000000000000004288056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5a6d63ddb64b7c2022-01-04 14:22:44.460root 11241100x80000000000000004288057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df76a3282a93748f2022-01-04 14:22:44.460root 11241100x80000000000000004288058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b48872744f910a12022-01-04 14:22:44.460root 11241100x80000000000000004288059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42014e65063f0f762022-01-04 14:22:44.460root 11241100x80000000000000004288060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a238f233e0a47eb2022-01-04 14:22:44.460root 11241100x80000000000000004288061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b981d788031832fa2022-01-04 14:22:44.460root 11241100x80000000000000004288062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762e8de036586d042022-01-04 14:22:44.461root 11241100x80000000000000004288063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee46842f3636c942022-01-04 14:22:44.461root 11241100x80000000000000004288064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22595542c7a02e72022-01-04 14:22:44.461root 11241100x80000000000000004288065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14c91fa56d299dc2022-01-04 14:22:44.461root 11241100x80000000000000004288066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94886a8125c81bb2022-01-04 14:22:44.461root 11241100x80000000000000004288067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f34943d3be7fec2022-01-04 14:22:44.461root 11241100x80000000000000004288068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83dae8c006f485592022-01-04 14:22:44.461root 11241100x80000000000000004288069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eb9c7f25e94da02022-01-04 14:22:44.461root 11241100x80000000000000004288070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca13333ef0d08742022-01-04 14:22:44.461root 11241100x80000000000000004288071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac18284ea651b0c2022-01-04 14:22:44.462root 11241100x80000000000000004288072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60342f32790a1ba32022-01-04 14:22:44.462root 11241100x80000000000000004288073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973a93d8460fcb382022-01-04 14:22:44.462root 11241100x80000000000000004288074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9347ae6101f5ef442022-01-04 14:22:44.462root 11241100x80000000000000004288075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815f51cdc942c7412022-01-04 14:22:44.462root 11241100x80000000000000004288076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2a72d9e193fde32022-01-04 14:22:44.462root 11241100x80000000000000004288077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e556f359f38276212022-01-04 14:22:44.462root 11241100x80000000000000004288078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e2e9910e9136b52022-01-04 14:22:44.462root 11241100x80000000000000004288079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad49ae8f62e760962022-01-04 14:22:44.462root 11241100x80000000000000004288080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762db7605c802e292022-01-04 14:22:44.462root 11241100x80000000000000004288081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da9616457b880472022-01-04 14:22:44.463root 11241100x80000000000000004288082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed690ce250be5732022-01-04 14:22:44.463root 11241100x80000000000000004288083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1656389f0d669f2022-01-04 14:22:44.463root 11241100x80000000000000004288084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ac1a24a2daea532022-01-04 14:22:44.463root 11241100x80000000000000004288085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a11adc1fcda2022022-01-04 14:22:44.463root 11241100x80000000000000004288086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fcd76068e989fd2022-01-04 14:22:44.463root 11241100x80000000000000004288087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dfeae4983525b62022-01-04 14:22:44.463root 11241100x80000000000000004288088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05091ed16930a6e92022-01-04 14:22:44.463root 11241100x80000000000000004288089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e740dc5d35dff622022-01-04 14:22:44.463root 11241100x80000000000000004288090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31613d1e755592362022-01-04 14:22:44.463root 11241100x80000000000000004288091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b3d0776509178c2022-01-04 14:22:44.463root 11241100x80000000000000004288092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c6f3376e26d9562022-01-04 14:22:44.463root 11241100x80000000000000004288093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539da0db5955820d2022-01-04 14:22:44.961root 11241100x80000000000000004288094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60281d0a178db59d2022-01-04 14:22:44.961root 11241100x80000000000000004288095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0379d12404c3d92022-01-04 14:22:44.961root 11241100x80000000000000004288096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a743a1fd97da9702022-01-04 14:22:44.961root 11241100x80000000000000004288097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1657a3ca75e99f2022-01-04 14:22:44.961root 11241100x80000000000000004288098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff4e7828186e47d2022-01-04 14:22:44.961root 11241100x80000000000000004288099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde38a25071b24a12022-01-04 14:22:44.962root 11241100x80000000000000004288100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c4cc9165d43c312022-01-04 14:22:44.962root 11241100x80000000000000004288101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416c91a40c46c0672022-01-04 14:22:44.962root 11241100x80000000000000004288102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2c23058aac82382022-01-04 14:22:44.962root 11241100x80000000000000004288103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c71f2e666c6f9a2022-01-04 14:22:44.962root 11241100x80000000000000004288104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ebbfb31a93505d2022-01-04 14:22:44.962root 11241100x80000000000000004288105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f83dbfff7f23d32022-01-04 14:22:44.962root 11241100x80000000000000004288106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6289bc60840d5ef82022-01-04 14:22:44.962root 11241100x80000000000000004288107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c51a7dca50b2362022-01-04 14:22:44.962root 11241100x80000000000000004288108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f7cef5c0b0fd4c2022-01-04 14:22:44.962root 11241100x80000000000000004288109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa8a1ca908146e2022-01-04 14:22:44.963root 11241100x80000000000000004288110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78327a1610fc6a062022-01-04 14:22:44.963root 11241100x80000000000000004288111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56084d9240300dee2022-01-04 14:22:44.963root 11241100x80000000000000004288112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98de3601a37add042022-01-04 14:22:44.963root 11241100x80000000000000004288113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ef361b0c2c1b692022-01-04 14:22:44.963root 11241100x80000000000000004288114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c3f334955358d2022-01-04 14:22:44.963root 11241100x80000000000000004288115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86377b1c7006acf92022-01-04 14:22:44.963root 11241100x80000000000000004288116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ee1c0c20d0bb2c2022-01-04 14:22:44.963root 11241100x80000000000000004288117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc937c9fcd0c32f2022-01-04 14:22:44.963root 11241100x80000000000000004288118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060ea3d6d63d58fd2022-01-04 14:22:44.964root 11241100x80000000000000004288119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8ed385234a3b7b2022-01-04 14:22:44.964root 11241100x80000000000000004288120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58f5f0fd56470d22022-01-04 14:22:44.964root 11241100x80000000000000004288121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f43a65c4844f452022-01-04 14:22:44.964root 11241100x80000000000000004288122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3789e441a64e612022-01-04 14:22:44.964root 11241100x80000000000000004288123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503da4365647d34d2022-01-04 14:22:44.964root 11241100x80000000000000004288124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc77944db415cc9c2022-01-04 14:22:44.964root 11241100x80000000000000004288125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c6feedc97be8e82022-01-04 14:22:44.964root 11241100x80000000000000004288126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb875af8e70995a2022-01-04 14:22:44.964root 11241100x80000000000000004288127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:44.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32116117b077a252022-01-04 14:22:44.965root 11241100x80000000000000004288128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d69effc8ccaa3aa2022-01-04 14:22:45.459root 11241100x80000000000000004288129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913b275c19b80d982022-01-04 14:22:45.459root 11241100x80000000000000004288130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911f1fcd4158687a2022-01-04 14:22:45.460root 11241100x80000000000000004288131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c8da175496a0f42022-01-04 14:22:45.460root 11241100x80000000000000004288132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ef3bc838414acc2022-01-04 14:22:45.460root 11241100x80000000000000004288133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b113f8c0fb075c2022-01-04 14:22:45.460root 11241100x80000000000000004288134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a552b64b3cb1752022-01-04 14:22:45.460root 11241100x80000000000000004288135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9bf9235100a8b72022-01-04 14:22:45.460root 11241100x80000000000000004288136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd0fe1f2dee13612022-01-04 14:22:45.460root 11241100x80000000000000004288137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af8a1f67c99e2312022-01-04 14:22:45.460root 11241100x80000000000000004288138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64e0f2bc04738db2022-01-04 14:22:45.460root 11241100x80000000000000004288139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6f1064f3d465f32022-01-04 14:22:45.460root 11241100x80000000000000004288140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843009d8cf45dae42022-01-04 14:22:45.460root 11241100x80000000000000004288141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c683914a1c5f562022-01-04 14:22:45.460root 11241100x80000000000000004288142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f341228d6c188422022-01-04 14:22:45.460root 11241100x80000000000000004288143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b3dea52a4928622022-01-04 14:22:45.460root 11241100x80000000000000004288144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cb720e5981ce5c2022-01-04 14:22:45.461root 11241100x80000000000000004288145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844430e1115d893c2022-01-04 14:22:45.461root 11241100x80000000000000004288146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048842859c2665262022-01-04 14:22:45.461root 11241100x80000000000000004288147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec1d7ffb22c57de2022-01-04 14:22:45.461root 11241100x80000000000000004288148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711fea1e3c9ca8112022-01-04 14:22:45.461root 11241100x80000000000000004288149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816d07ee08c79be22022-01-04 14:22:45.461root 11241100x80000000000000004288150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a6bde5e86160982022-01-04 14:22:45.461root 11241100x80000000000000004288151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04843327630c604d2022-01-04 14:22:45.461root 11241100x80000000000000004288152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1627e1f092b043fd2022-01-04 14:22:45.461root 11241100x80000000000000004288153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed397d10415f15532022-01-04 14:22:45.461root 11241100x80000000000000004288154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073c6f54f6eac8462022-01-04 14:22:45.462root 11241100x80000000000000004288155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686dbcbc34d125492022-01-04 14:22:45.462root 11241100x80000000000000004288156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c987e805031ddcf2022-01-04 14:22:45.462root 11241100x80000000000000004288157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2534ecb0680d4f2022-01-04 14:22:45.462root 11241100x80000000000000004288158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a9b9fa889ff1c92022-01-04 14:22:45.462root 11241100x80000000000000004288159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a8c8792ac71bf62022-01-04 14:22:45.462root 11241100x80000000000000004288160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21616b59e067ab232022-01-04 14:22:45.462root 11241100x80000000000000004288161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa11ab53f25613472022-01-04 14:22:45.462root 11241100x80000000000000004288162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8172318e98ba754d2022-01-04 14:22:45.462root 11241100x80000000000000004288163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74008bad5d812fb2022-01-04 14:22:45.462root 11241100x80000000000000004288164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab09e88afde7f072022-01-04 14:22:45.463root 11241100x80000000000000004288165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c07266509898302022-01-04 14:22:45.463root 11241100x80000000000000004288166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49efeab514a3b0232022-01-04 14:22:45.463root 11241100x80000000000000004288167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d1bf57d51bc7cc2022-01-04 14:22:45.463root 11241100x80000000000000004288168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39250cbf708088a72022-01-04 14:22:45.463root 11241100x80000000000000004288169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3361afd7240b39b2022-01-04 14:22:45.463root 11241100x80000000000000004288170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807bf422e741e4fd2022-01-04 14:22:45.463root 11241100x80000000000000004288171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad33e17f000dfae42022-01-04 14:22:45.463root 11241100x80000000000000004288172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f09b744467aaad92022-01-04 14:22:45.463root 11241100x80000000000000004288173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ba8401c43530e32022-01-04 14:22:45.463root 11241100x80000000000000004288174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f965629a277e095c2022-01-04 14:22:45.464root 11241100x80000000000000004288175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1612a188a2279d2022-01-04 14:22:45.465root 11241100x80000000000000004288176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f588b2ef6ae9222022-01-04 14:22:45.465root 11241100x80000000000000004288177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b1c0b8f2e65b4b2022-01-04 14:22:45.465root 11241100x80000000000000004288178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d073920994aadc732022-01-04 14:22:45.465root 11241100x80000000000000004288179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e9b4ea77a0c7152022-01-04 14:22:45.465root 11241100x80000000000000004288180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df633bb2444543b12022-01-04 14:22:45.465root 11241100x80000000000000004288181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4551312d29164052022-01-04 14:22:45.959root 11241100x80000000000000004288182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4667444ee7baa62022-01-04 14:22:45.960root 11241100x80000000000000004288183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c44456eeaef028c2022-01-04 14:22:45.960root 11241100x80000000000000004288184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be22e4953c224be2022-01-04 14:22:45.960root 11241100x80000000000000004288185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46352c1d82dfa4152022-01-04 14:22:45.960root 11241100x80000000000000004288186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f030f6383d1f4ff02022-01-04 14:22:45.960root 11241100x80000000000000004288187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac7dbbb29b261092022-01-04 14:22:45.961root 11241100x80000000000000004288188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246ab7297b6c14012022-01-04 14:22:45.961root 11241100x80000000000000004288189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5e6344460ac8122022-01-04 14:22:45.961root 11241100x80000000000000004288190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b071e417a9bc382022-01-04 14:22:45.961root 11241100x80000000000000004288191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26abdc92f39a45e62022-01-04 14:22:45.961root 11241100x80000000000000004288192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a440a6372526d7432022-01-04 14:22:45.961root 11241100x80000000000000004288193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31df3d5fe97459b52022-01-04 14:22:45.961root 11241100x80000000000000004288194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bde05d68076f2e2022-01-04 14:22:45.961root 11241100x80000000000000004288195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1f09f229fe6f772022-01-04 14:22:45.961root 11241100x80000000000000004288196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f2f162a2b666c42022-01-04 14:22:45.961root 11241100x80000000000000004288197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc8f525860875942022-01-04 14:22:45.961root 11241100x80000000000000004288198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29025848c0cbfa352022-01-04 14:22:45.962root 11241100x80000000000000004288199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3479f5dc16c68822022-01-04 14:22:45.962root 11241100x80000000000000004288200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a896fceb26e20372022-01-04 14:22:45.962root 11241100x80000000000000004288201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f125a18884a6be2022-01-04 14:22:45.962root 11241100x80000000000000004288202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9569b149a51fb5492022-01-04 14:22:45.962root 11241100x80000000000000004288203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ca4309816a60f22022-01-04 14:22:45.962root 11241100x80000000000000004288204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ec398797f1ec712022-01-04 14:22:45.962root 11241100x80000000000000004288205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9b97340026985e2022-01-04 14:22:45.962root 11241100x80000000000000004288206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfa9bd26d401312022-01-04 14:22:45.962root 11241100x80000000000000004288207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f63f9e032090c12022-01-04 14:22:45.962root 11241100x80000000000000004288208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de6d5913012a7892022-01-04 14:22:45.962root 11241100x80000000000000004288209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52498c4f6ff11942022-01-04 14:22:45.963root 11241100x80000000000000004288210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f43672297a6fe2022-01-04 14:22:45.963root 11241100x80000000000000004288211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e934723a1321ad182022-01-04 14:22:45.963root 11241100x80000000000000004288212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99c9232224429b12022-01-04 14:22:45.963root 11241100x80000000000000004288213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd78d13f34d814912022-01-04 14:22:45.963root 11241100x80000000000000004288214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccc28686f6f72ab2022-01-04 14:22:45.963root 11241100x80000000000000004288215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccb5a0ec63b04bf2022-01-04 14:22:45.963root 11241100x80000000000000004288216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2acc782119faf342022-01-04 14:22:45.963root 11241100x80000000000000004288217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c5f1da9be96ebd2022-01-04 14:22:45.963root 11241100x80000000000000004288218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1bb25387d737cd2022-01-04 14:22:45.964root 11241100x80000000000000004288219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f592e7eeda0cfb992022-01-04 14:22:45.964root 11241100x80000000000000004288220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225588ae83f472d62022-01-04 14:22:45.964root 11241100x80000000000000004288221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273ffc8bc36745b22022-01-04 14:22:46.459root 11241100x80000000000000004288222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e90968273b2b8e2022-01-04 14:22:46.459root 11241100x80000000000000004288223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9c10e6c91ef26c2022-01-04 14:22:46.459root 11241100x80000000000000004288224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc2eb2fe31cafa92022-01-04 14:22:46.460root 11241100x80000000000000004288225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8945fe60e6c6d72022-01-04 14:22:46.460root 11241100x80000000000000004288226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701bf6c532ff25b62022-01-04 14:22:46.460root 11241100x80000000000000004288227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30270a119387dbb2022-01-04 14:22:46.460root 11241100x80000000000000004288228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bb98cf8fa81dcf2022-01-04 14:22:46.460root 11241100x80000000000000004288229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d1e76aa6e83e872022-01-04 14:22:46.460root 11241100x80000000000000004288230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ae4510ab25e8d62022-01-04 14:22:46.460root 11241100x80000000000000004288231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7daf8b8531e2182022-01-04 14:22:46.461root 11241100x80000000000000004288232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66725448d28641322022-01-04 14:22:46.461root 11241100x80000000000000004288233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1269ac521bf1a0e2022-01-04 14:22:46.461root 11241100x80000000000000004288234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e028ef0f49ef83a2022-01-04 14:22:46.461root 11241100x80000000000000004288235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee7c295066aea3c2022-01-04 14:22:46.461root 11241100x80000000000000004288236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357eb31b996155b2022-01-04 14:22:46.461root 11241100x80000000000000004288237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7852c6fe19301582022-01-04 14:22:46.461root 11241100x80000000000000004288238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90d9b8e0e718a082022-01-04 14:22:46.461root 11241100x80000000000000004288239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22777e9ae78f3c852022-01-04 14:22:46.461root 11241100x80000000000000004288240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed192b630c5e34d2022-01-04 14:22:46.461root 11241100x80000000000000004288241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca575383558aea612022-01-04 14:22:46.461root 11241100x80000000000000004288242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e46a6183a36b7a42022-01-04 14:22:46.461root 11241100x80000000000000004288243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4055d7f33f41c8382022-01-04 14:22:46.461root 11241100x80000000000000004288244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51bb4060709f6362022-01-04 14:22:46.461root 11241100x80000000000000004288245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4072b37e395c3c2022-01-04 14:22:46.462root 11241100x80000000000000004288246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d940ccc2ad0905832022-01-04 14:22:46.462root 11241100x80000000000000004288247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8818184fd63d9682022-01-04 14:22:46.462root 11241100x80000000000000004288248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06af45c0a7faea4e2022-01-04 14:22:46.462root 11241100x80000000000000004288249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478522baf974fe9d2022-01-04 14:22:46.462root 11241100x80000000000000004288250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827880fbddbfd4522022-01-04 14:22:46.462root 11241100x80000000000000004288251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab643ce67587c672022-01-04 14:22:46.462root 11241100x80000000000000004288252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a59c67ac012ddc2022-01-04 14:22:46.462root 11241100x80000000000000004288253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3009c67eee874302022-01-04 14:22:46.462root 11241100x80000000000000004288254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b6ed97207cc5932022-01-04 14:22:46.462root 11241100x80000000000000004288255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd07442f9b5072f2022-01-04 14:22:46.462root 11241100x80000000000000004288256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea707c795af258c42022-01-04 14:22:46.462root 11241100x80000000000000004288257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d079397318536db2022-01-04 14:22:46.462root 11241100x80000000000000004288258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2f6c7c33d75cbc2022-01-04 14:22:46.462root 11241100x80000000000000004288259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca8f12d09829b332022-01-04 14:22:46.462root 11241100x80000000000000004288260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287312834334ab632022-01-04 14:22:46.463root 11241100x80000000000000004288261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d43f70bddc3642a2022-01-04 14:22:46.464root 11241100x80000000000000004288262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66fb3985524e8ac2022-01-04 14:22:46.464root 11241100x80000000000000004288263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8ffb2b58f265022022-01-04 14:22:46.959root 11241100x80000000000000004288264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fab55b649a61d62022-01-04 14:22:46.960root 11241100x80000000000000004288265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032831116958a7d92022-01-04 14:22:46.960root 11241100x80000000000000004288266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae2638ae782b1132022-01-04 14:22:46.960root 11241100x80000000000000004288267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffd433253acd86f2022-01-04 14:22:46.960root 11241100x80000000000000004288268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2373ac5764947562022-01-04 14:22:46.960root 11241100x80000000000000004288269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d7a41f1b7f79aa2022-01-04 14:22:46.960root 11241100x80000000000000004288270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdae8e34cd9bccd92022-01-04 14:22:46.960root 11241100x80000000000000004288271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2999ec2048b58a2022-01-04 14:22:46.960root 11241100x80000000000000004288272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403891bcb8d091ad2022-01-04 14:22:46.960root 11241100x80000000000000004288273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4b58c496795bb92022-01-04 14:22:46.960root 11241100x80000000000000004288274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d38dac4ce1722f2022-01-04 14:22:46.960root 11241100x80000000000000004288275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62addbbdc748fe982022-01-04 14:22:46.960root 11241100x80000000000000004288276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96cf8b634db4e432022-01-04 14:22:46.960root 11241100x80000000000000004288277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f5847d8d5be9492022-01-04 14:22:46.960root 11241100x80000000000000004288278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e5e359787903852022-01-04 14:22:46.960root 11241100x80000000000000004288279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7770ec48f5e581d32022-01-04 14:22:46.961root 11241100x80000000000000004288280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c319caecf73802082022-01-04 14:22:46.961root 11241100x80000000000000004288281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f1a6fb748e03e02022-01-04 14:22:46.961root 11241100x80000000000000004288282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9c45af3ec2e96b2022-01-04 14:22:46.961root 11241100x80000000000000004288283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48929748f09cf7042022-01-04 14:22:46.961root 11241100x80000000000000004288284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed02fe5497d85462022-01-04 14:22:46.961root 11241100x80000000000000004288285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec13068c474115df2022-01-04 14:22:46.961root 11241100x80000000000000004288286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd00fd2e920533d2022-01-04 14:22:46.961root 11241100x80000000000000004288287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d112f1417492da2022-01-04 14:22:46.961root 11241100x80000000000000004288288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc708e4249e517d2022-01-04 14:22:46.961root 11241100x80000000000000004288289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8377070180a747e22022-01-04 14:22:46.961root 11241100x80000000000000004288290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea5a070cb721aeb2022-01-04 14:22:46.961root 11241100x80000000000000004288291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cd0f5dac20568d2022-01-04 14:22:46.961root 11241100x80000000000000004288292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c37aabd7dd314e2022-01-04 14:22:46.961root 11241100x80000000000000004288293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b66d629bea5c3a2022-01-04 14:22:46.961root 11241100x80000000000000004288294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42f724e1a2d62442022-01-04 14:22:46.962root 11241100x80000000000000004288295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0308dec2c189062022-01-04 14:22:46.962root 11241100x80000000000000004288296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9c75ce33bf6dc92022-01-04 14:22:46.962root 11241100x80000000000000004288297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669feb9faad2cf9e2022-01-04 14:22:46.962root 11241100x80000000000000004288298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af4cd005c47b66b2022-01-04 14:22:46.962root 354300x80000000000000004288299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.221{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41608-false10.0.1.12-8000- 11241100x80000000000000004288300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c245adfa761637cf2022-01-04 14:22:47.222root 11241100x80000000000000004288301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ceec8c14e6403a2022-01-04 14:22:47.222root 11241100x80000000000000004288302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648af33b7f06c75c2022-01-04 14:22:47.222root 11241100x80000000000000004288303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43497ae804436b292022-01-04 14:22:47.223root 11241100x80000000000000004288304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7708e0c933561dae2022-01-04 14:22:47.223root 11241100x80000000000000004288305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5c5f00d39df2912022-01-04 14:22:47.223root 11241100x80000000000000004288306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738121f6bb8e3d512022-01-04 14:22:47.223root 11241100x80000000000000004288307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd76aad01c81bcf2022-01-04 14:22:47.223root 11241100x80000000000000004288308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e7191f48a537cc2022-01-04 14:22:47.223root 11241100x80000000000000004288309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d206797d89a34a152022-01-04 14:22:47.223root 11241100x80000000000000004288310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b753e04cdb35e7322022-01-04 14:22:47.223root 11241100x80000000000000004288311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50c71e9723a7ed82022-01-04 14:22:47.223root 11241100x80000000000000004288312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2316aa8fb8e864432022-01-04 14:22:47.223root 11241100x80000000000000004288313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d73ee44bc1d2172022-01-04 14:22:47.223root 11241100x80000000000000004288314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93437659faf32c482022-01-04 14:22:47.223root 11241100x80000000000000004288315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0142e40242ce78ca2022-01-04 14:22:47.224root 11241100x80000000000000004288316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8cf0c2f5bc64c32022-01-04 14:22:47.224root 11241100x80000000000000004288317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75e4c2dac3908452022-01-04 14:22:47.224root 11241100x80000000000000004288318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d815c75c03824012022-01-04 14:22:47.224root 11241100x80000000000000004288319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9c64b9c5e15c522022-01-04 14:22:47.224root 11241100x80000000000000004288320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb9406101cc489e2022-01-04 14:22:47.224root 11241100x80000000000000004288321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd88ad4be6ef5c092022-01-04 14:22:47.224root 11241100x80000000000000004288322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15897a87cea0d4d92022-01-04 14:22:47.224root 11241100x80000000000000004288323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda0b578429e4742022-01-04 14:22:47.224root 11241100x80000000000000004288324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676e42155cd7528e2022-01-04 14:22:47.224root 11241100x80000000000000004288325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38397703dad8e8342022-01-04 14:22:47.224root 11241100x80000000000000004288326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c994b56483c932d12022-01-04 14:22:47.224root 11241100x80000000000000004288327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5daba79c9441bcc2022-01-04 14:22:47.224root 11241100x80000000000000004288328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3378c3af496e95892022-01-04 14:22:47.224root 11241100x80000000000000004288329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1920adab2ede1bab2022-01-04 14:22:47.224root 11241100x80000000000000004288330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa18e8050fce81ac2022-01-04 14:22:47.225root 11241100x80000000000000004288331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6b17e871115b232022-01-04 14:22:47.225root 11241100x80000000000000004288332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92959a9df2fd13042022-01-04 14:22:47.225root 11241100x80000000000000004288333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9b4fe5986383502022-01-04 14:22:47.225root 11241100x80000000000000004288334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bcc33edd997fdc2022-01-04 14:22:47.225root 11241100x80000000000000004288335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392f8e146fee39d92022-01-04 14:22:47.225root 11241100x80000000000000004288336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b208ad7666af6e72022-01-04 14:22:47.225root 11241100x80000000000000004288337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a087be276141e7282022-01-04 14:22:47.225root 11241100x80000000000000004288338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2053913e9c43902022-01-04 14:22:47.225root 11241100x80000000000000004288339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269dacd7c020a04f2022-01-04 14:22:47.225root 11241100x80000000000000004288340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a11ea0636b92ad92022-01-04 14:22:47.225root 11241100x80000000000000004288341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95de426c4c4776f2022-01-04 14:22:47.225root 11241100x80000000000000004288342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef40f90c21ee130c2022-01-04 14:22:47.225root 11241100x80000000000000004288343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c6a309f3298ada2022-01-04 14:22:47.225root 11241100x80000000000000004288344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352b43b71e58c92e2022-01-04 14:22:47.225root 11241100x80000000000000004288345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dca03ad5931b2742022-01-04 14:22:47.225root 11241100x80000000000000004288346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0656fc42f6376b042022-01-04 14:22:47.226root 11241100x80000000000000004288347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c64a9de0ae15192022-01-04 14:22:47.226root 11241100x80000000000000004288348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe1d900bfcd95652022-01-04 14:22:47.226root 11241100x80000000000000004288349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6af7cc03d2dc7ec2022-01-04 14:22:47.226root 11241100x80000000000000004288350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5edfc897c798ff52022-01-04 14:22:47.226root 11241100x80000000000000004288351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f167d8644fbd42e2022-01-04 14:22:47.226root 11241100x80000000000000004288352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a665381c480264032022-01-04 14:22:47.226root 11241100x80000000000000004288353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9614090dc68b5a2022-01-04 14:22:47.226root 11241100x80000000000000004288354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70232162fad3c18e2022-01-04 14:22:47.226root 11241100x80000000000000004288355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f826857c806b9c012022-01-04 14:22:47.228root 11241100x80000000000000004288356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07de97011cb554f2022-01-04 14:22:47.228root 11241100x80000000000000004288357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbaf0c3084ec5132022-01-04 14:22:47.228root 11241100x80000000000000004288358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d5a171935376a72022-01-04 14:22:47.229root 11241100x80000000000000004288359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddb449a646e64b52022-01-04 14:22:47.229root 11241100x80000000000000004288360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2061573aa88c2342022-01-04 14:22:47.229root 11241100x80000000000000004288361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609592bec8f3a4c02022-01-04 14:22:47.709root 11241100x80000000000000004288362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfaadb82063c0ec2022-01-04 14:22:47.709root 11241100x80000000000000004288363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a96875c287607c22022-01-04 14:22:47.709root 11241100x80000000000000004288364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e683117146260102022-01-04 14:22:47.709root 11241100x80000000000000004288365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6f277d6419f1202022-01-04 14:22:47.709root 11241100x80000000000000004288366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f34cb8c8fc89922022-01-04 14:22:47.709root 11241100x80000000000000004288367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958f4706cbb7eed32022-01-04 14:22:47.710root 11241100x80000000000000004288368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f213aa01736f42d32022-01-04 14:22:47.710root 11241100x80000000000000004288369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4607837b76b22ae2022-01-04 14:22:47.710root 11241100x80000000000000004288370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7c4bf04c4f1bd12022-01-04 14:22:47.710root 11241100x80000000000000004288371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33aa0c397f7d104c2022-01-04 14:22:47.710root 11241100x80000000000000004288372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec48545a88054262022-01-04 14:22:47.710root 11241100x80000000000000004288373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cfad24f30813d52022-01-04 14:22:47.710root 11241100x80000000000000004288374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f46a7f9187483c2022-01-04 14:22:47.710root 11241100x80000000000000004288375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654b313fda3b0c1a2022-01-04 14:22:47.710root 11241100x80000000000000004288376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253b4d6cf8accef02022-01-04 14:22:47.710root 11241100x80000000000000004288377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb67190bc7d8287e2022-01-04 14:22:47.710root 11241100x80000000000000004288378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1d138bafbc10942022-01-04 14:22:47.710root 11241100x80000000000000004288379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c821cb25837308d2022-01-04 14:22:47.710root 11241100x80000000000000004288380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df7318fd7cc1a392022-01-04 14:22:47.710root 11241100x80000000000000004288381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789e14c92bcd0ecc2022-01-04 14:22:47.710root 11241100x80000000000000004288382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f394bc3dd4477f2022-01-04 14:22:47.711root 11241100x80000000000000004288383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07f46c2c0ae75d72022-01-04 14:22:47.711root 11241100x80000000000000004288384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb8280cc6a6ff382022-01-04 14:22:47.711root 11241100x80000000000000004288385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeee89eba8889da42022-01-04 14:22:47.711root 11241100x80000000000000004288386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dc6d5386a73ef02022-01-04 14:22:47.711root 11241100x80000000000000004288387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c53e23b9b4f3392022-01-04 14:22:47.711root 11241100x80000000000000004288388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5b9fba877c44ae2022-01-04 14:22:47.711root 11241100x80000000000000004288389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6eb6eca339328d2022-01-04 14:22:47.711root 11241100x80000000000000004288390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc36cb21d897f68c2022-01-04 14:22:47.711root 11241100x80000000000000004288391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c56a47e0779e732022-01-04 14:22:47.711root 11241100x80000000000000004288392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e81409503b3b5f2022-01-04 14:22:47.711root 11241100x80000000000000004288393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7754bc44197e9bf82022-01-04 14:22:47.712root 11241100x80000000000000004288394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e8f38b7dffd43c2022-01-04 14:22:47.712root 11241100x80000000000000004288395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ee37113454912e2022-01-04 14:22:47.712root 11241100x80000000000000004288396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa1bfc8c75ba56a2022-01-04 14:22:47.712root 11241100x80000000000000004288397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8267d7c400fcbf7e2022-01-04 14:22:48.209root 11241100x80000000000000004288398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5c2efcaa810fc02022-01-04 14:22:48.209root 11241100x80000000000000004288399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa46e9f87d74862a2022-01-04 14:22:48.209root 11241100x80000000000000004288400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ed5d7110ea40262022-01-04 14:22:48.209root 11241100x80000000000000004288401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c4f7eeab81c1be2022-01-04 14:22:48.209root 11241100x80000000000000004288402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f729879347c19922022-01-04 14:22:48.209root 11241100x80000000000000004288403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ac4b29a45607ea2022-01-04 14:22:48.210root 11241100x80000000000000004288404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c951134514f7ea2022-01-04 14:22:48.210root 11241100x80000000000000004288405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3002bd784f1603e2022-01-04 14:22:48.210root 11241100x80000000000000004288406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7dcbe1c5397aee2022-01-04 14:22:48.210root 11241100x80000000000000004288407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d324a702b40800f2022-01-04 14:22:48.210root 11241100x80000000000000004288408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07260b4e706f47222022-01-04 14:22:48.210root 11241100x80000000000000004288409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef00b88865c94c362022-01-04 14:22:48.210root 11241100x80000000000000004288410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc0cbad9ffaf3992022-01-04 14:22:48.210root 11241100x80000000000000004288411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fe79c79a4503332022-01-04 14:22:48.210root 11241100x80000000000000004288412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0e459dd9fbf17b2022-01-04 14:22:48.210root 11241100x80000000000000004288413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3a116a7fcd9a1e2022-01-04 14:22:48.210root 11241100x80000000000000004288414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5d15bc9c20451e2022-01-04 14:22:48.210root 11241100x80000000000000004288415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c563aea67dfd152022-01-04 14:22:48.210root 11241100x80000000000000004288416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76dfc2a1c2397792022-01-04 14:22:48.210root 11241100x80000000000000004288417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da67ea7f693217312022-01-04 14:22:48.210root 11241100x80000000000000004288418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50b08d39f9f4c682022-01-04 14:22:48.210root 11241100x80000000000000004288419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c51243592867cf72022-01-04 14:22:48.211root 11241100x80000000000000004288420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78755af820cb9b302022-01-04 14:22:48.211root 11241100x80000000000000004288421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5885a738e89dde742022-01-04 14:22:48.211root 11241100x80000000000000004288422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373505114e2b2b452022-01-04 14:22:48.211root 11241100x80000000000000004288423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1c30ef8ac113452022-01-04 14:22:48.211root 11241100x80000000000000004288424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f507f71f800b3782022-01-04 14:22:48.211root 11241100x80000000000000004288425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7069092975d683d62022-01-04 14:22:48.211root 11241100x80000000000000004288426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763b2a0571ca8fa12022-01-04 14:22:48.211root 11241100x80000000000000004288427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039352c80ea4ba9f2022-01-04 14:22:48.211root 11241100x80000000000000004288428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ea237ce23e20e02022-01-04 14:22:48.211root 11241100x80000000000000004288429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c377ebb1181579af2022-01-04 14:22:48.211root 11241100x80000000000000004288430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0f0957549d40282022-01-04 14:22:48.211root 11241100x80000000000000004288431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3222871cd5023c72022-01-04 14:22:48.211root 11241100x80000000000000004288432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac169e663b8226b42022-01-04 14:22:48.211root 11241100x80000000000000004288433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807118045617b83a2022-01-04 14:22:48.211root 11241100x80000000000000004288434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb957824e1914ca72022-01-04 14:22:48.211root 11241100x80000000000000004288435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12e6e580e3fc9442022-01-04 14:22:48.212root 11241100x80000000000000004288436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fbd69c2a09b49e2022-01-04 14:22:48.212root 11241100x80000000000000004288437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148f6dfa002a51142022-01-04 14:22:48.212root 11241100x80000000000000004288438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb0d7aa611a8a172022-01-04 14:22:48.212root 11241100x80000000000000004288439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ee6b5c9117520f2022-01-04 14:22:48.212root 11241100x80000000000000004288440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1502b24cea89ca042022-01-04 14:22:48.212root 11241100x80000000000000004288441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a440465b19909daf2022-01-04 14:22:48.212root 11241100x80000000000000004288442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b382d71751c13aa42022-01-04 14:22:48.212root 11241100x80000000000000004288443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640d9cd46efe4a942022-01-04 14:22:48.212root 11241100x80000000000000004288444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321a0e33f194fdea2022-01-04 14:22:48.212root 11241100x80000000000000004288445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0872ec6215fab8652022-01-04 14:22:48.212root 11241100x80000000000000004288446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbaaf0bd6e895a42022-01-04 14:22:48.212root 11241100x80000000000000004288447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c66daded58d29f92022-01-04 14:22:48.212root 11241100x80000000000000004288448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790ff4a1559a500b2022-01-04 14:22:48.213root 11241100x80000000000000004288449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3a3dd76ce873322022-01-04 14:22:48.213root 11241100x80000000000000004288450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d810cbe97a36a682022-01-04 14:22:48.213root 11241100x80000000000000004288451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f757e3e291e491c2022-01-04 14:22:48.213root 11241100x80000000000000004288452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262cc1dea9ee479f2022-01-04 14:22:48.213root 11241100x80000000000000004288453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c68fee46ae62262022-01-04 14:22:48.213root 11241100x80000000000000004288454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93bccc439b900752022-01-04 14:22:48.213root 11241100x80000000000000004288455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e4510a1b0504db2022-01-04 14:22:48.213root 11241100x80000000000000004288456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb69f20ad228247c2022-01-04 14:22:48.213root 11241100x80000000000000004288457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679bad5be7261cbe2022-01-04 14:22:48.213root 11241100x80000000000000004288458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d679b1bbc604ed12022-01-04 14:22:48.213root 11241100x80000000000000004288459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff0aae66bd11a822022-01-04 14:22:48.709root 11241100x80000000000000004288460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af315f4ddd7d4fb92022-01-04 14:22:48.710root 11241100x80000000000000004288461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0745bfb628d3e4232022-01-04 14:22:48.710root 11241100x80000000000000004288462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a3068d36beadcc2022-01-04 14:22:48.710root 11241100x80000000000000004288463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d623314df86445c02022-01-04 14:22:48.710root 11241100x80000000000000004288464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcfea1ab32eb9572022-01-04 14:22:48.710root 11241100x80000000000000004288465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fce2fb658f17f32022-01-04 14:22:48.710root 11241100x80000000000000004288466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43a0a8ad2b3aa5b2022-01-04 14:22:48.710root 11241100x80000000000000004288467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db3c753953b364a2022-01-04 14:22:48.710root 11241100x80000000000000004288468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7475f8f815aa7f72022-01-04 14:22:48.710root 11241100x80000000000000004288469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc13ace0e72e8f202022-01-04 14:22:48.710root 11241100x80000000000000004288470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9286ae9e3e1359fc2022-01-04 14:22:48.710root 11241100x80000000000000004288471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2996bbd5cf3467842022-01-04 14:22:48.710root 11241100x80000000000000004288472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9642f9ef0a3325e02022-01-04 14:22:48.711root 11241100x80000000000000004288473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80989f0f5c9a80b2022-01-04 14:22:48.711root 11241100x80000000000000004288474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a8fd4834e802f72022-01-04 14:22:48.711root 11241100x80000000000000004288475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e074b9db0e76bff92022-01-04 14:22:48.711root 11241100x80000000000000004288476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b16bf27926e887c2022-01-04 14:22:48.711root 11241100x80000000000000004288477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618b3285570e7a1c2022-01-04 14:22:48.711root 11241100x80000000000000004288478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec11671e43a6b1932022-01-04 14:22:48.711root 11241100x80000000000000004288479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102c1526aaae27702022-01-04 14:22:48.711root 11241100x80000000000000004288480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f060bc019d5f1742022-01-04 14:22:48.711root 11241100x80000000000000004288481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2967622e483511d72022-01-04 14:22:48.711root 11241100x80000000000000004288482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e41c28bcde5f8d2022-01-04 14:22:48.711root 11241100x80000000000000004288483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6e0f75ce2a8d7b2022-01-04 14:22:48.711root 11241100x80000000000000004288484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebfbc501a192f202022-01-04 14:22:48.712root 11241100x80000000000000004288485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a73f9b838dd4022022-01-04 14:22:48.712root 11241100x80000000000000004288486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84b1049cd4fef392022-01-04 14:22:48.712root 11241100x80000000000000004288487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65d656907f169882022-01-04 14:22:48.712root 11241100x80000000000000004288488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9b49ff37c86c212022-01-04 14:22:48.712root 11241100x80000000000000004288489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b78e76893ad91f2022-01-04 14:22:48.712root 11241100x80000000000000004288490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2086f6a749171e6b2022-01-04 14:22:48.712root 11241100x80000000000000004288491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185daf2bf17c15812022-01-04 14:22:48.712root 11241100x80000000000000004288492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1dcd3855ce90812022-01-04 14:22:48.712root 11241100x80000000000000004288493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513fcabdd7a251c62022-01-04 14:22:48.712root 11241100x80000000000000004288494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7893b8d091eb8d512022-01-04 14:22:48.712root 11241100x80000000000000004288495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bc5375bebdc7982022-01-04 14:22:48.712root 11241100x80000000000000004288496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660a69477a586ab92022-01-04 14:22:48.712root 11241100x80000000000000004288497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90205d0a1bc276952022-01-04 14:22:48.713root 11241100x80000000000000004288498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c2325e587075442022-01-04 14:22:48.713root 11241100x80000000000000004288499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184ef9859eba550a2022-01-04 14:22:48.713root 11241100x80000000000000004288500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597c73c8457602c62022-01-04 14:22:48.713root 11241100x80000000000000004288501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277db46d59f53f9b2022-01-04 14:22:48.713root 11241100x80000000000000004288502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4a6369696262202022-01-04 14:22:48.713root 11241100x80000000000000004288503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f2354824206c9a2022-01-04 14:22:48.713root 11241100x80000000000000004288504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8fa8796be7b1c62022-01-04 14:22:48.713root 11241100x80000000000000004288505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560ed3bf6a4a901e2022-01-04 14:22:48.713root 11241100x80000000000000004288506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c30a78a7916cb4c2022-01-04 14:22:48.713root 11241100x80000000000000004288507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b869e446c61dd12022-01-04 14:22:48.714root 11241100x80000000000000004288508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d04cc4a145bbde2022-01-04 14:22:48.714root 11241100x80000000000000004288509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49abce2e7bca237b2022-01-04 14:22:48.714root 11241100x80000000000000004288510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd7166560ead3f62022-01-04 14:22:48.714root 11241100x80000000000000004288511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d4850410bc25fe2022-01-04 14:22:48.714root 11241100x80000000000000004288512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb672d178c2b2eb2022-01-04 14:22:48.714root 11241100x80000000000000004288513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506f1ebacec2106e2022-01-04 14:22:48.714root 11241100x80000000000000004288514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42d8901fdecce262022-01-04 14:22:48.714root 11241100x80000000000000004288515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1149ec98ff63e3512022-01-04 14:22:48.714root 11241100x80000000000000004288516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d49ae4e4df14a912022-01-04 14:22:48.714root 11241100x80000000000000004288517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537493e367097aee2022-01-04 14:22:48.714root 11241100x80000000000000004288518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afab3ddb4dab30c2022-01-04 14:22:48.714root 11241100x80000000000000004288519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab52a0181f15e352022-01-04 14:22:48.714root 11241100x80000000000000004288520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536bae446edeac302022-01-04 14:22:49.210root 11241100x80000000000000004288521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35857b97bddf2952022-01-04 14:22:49.210root 11241100x80000000000000004288522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982e49f71a3336602022-01-04 14:22:49.210root 11241100x80000000000000004288523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c62111e8620165b2022-01-04 14:22:49.210root 11241100x80000000000000004288524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6243d23d11c2f80e2022-01-04 14:22:49.210root 11241100x80000000000000004288525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ff58bfcfa129052022-01-04 14:22:49.210root 11241100x80000000000000004288526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d4ac27aaeecd1c2022-01-04 14:22:49.210root 11241100x80000000000000004288527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ef1e2de2809c962022-01-04 14:22:49.210root 11241100x80000000000000004288528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5f057e24126b922022-01-04 14:22:49.210root 11241100x80000000000000004288529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef19d26c8be62502022-01-04 14:22:49.210root 11241100x80000000000000004288530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454169e5b67ca742022-01-04 14:22:49.210root 11241100x80000000000000004288531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90402791d8d0c1a2022-01-04 14:22:49.211root 11241100x80000000000000004288532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b775b0856047b5c2022-01-04 14:22:49.211root 11241100x80000000000000004288533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0d72d2416b78a02022-01-04 14:22:49.211root 11241100x80000000000000004288534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be79e51236ca7d212022-01-04 14:22:49.211root 11241100x80000000000000004288535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57bb53c36c21acc2022-01-04 14:22:49.211root 11241100x80000000000000004288536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc63f9341688de5a2022-01-04 14:22:49.211root 11241100x80000000000000004288537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bcbef9760f6d0f2022-01-04 14:22:49.211root 11241100x80000000000000004288538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9144936ceb7174062022-01-04 14:22:49.211root 11241100x80000000000000004288539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2d90140b353e522022-01-04 14:22:49.211root 11241100x80000000000000004288540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efd5578f175b9492022-01-04 14:22:49.211root 11241100x80000000000000004288541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b465d4b824a8df02022-01-04 14:22:49.211root 11241100x80000000000000004288542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54816122387431ef2022-01-04 14:22:49.211root 11241100x80000000000000004288543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9751aaba647090eb2022-01-04 14:22:49.211root 11241100x80000000000000004288544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fdbebd44b463e52022-01-04 14:22:49.212root 11241100x80000000000000004288545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d206d7fd257fa4bc2022-01-04 14:22:49.212root 11241100x80000000000000004288546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11e88881a49b0112022-01-04 14:22:49.212root 11241100x80000000000000004288547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcf31a26ee6d2862022-01-04 14:22:49.212root 11241100x80000000000000004288548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d54b14c55745e12022-01-04 14:22:49.212root 11241100x80000000000000004288549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b048da5783382e2022-01-04 14:22:49.212root 11241100x80000000000000004288550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d195b1b549cd13852022-01-04 14:22:49.212root 11241100x80000000000000004288551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95a3b3290e8702c2022-01-04 14:22:49.212root 11241100x80000000000000004288552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2ad19c4f4294952022-01-04 14:22:49.212root 11241100x80000000000000004288553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db5bd4dc72453552022-01-04 14:22:49.212root 11241100x80000000000000004288554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61711262bdd79cb32022-01-04 14:22:49.212root 11241100x80000000000000004288555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a6a661b3af89172022-01-04 14:22:49.212root 11241100x80000000000000004288556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20135cd7edf3abdb2022-01-04 14:22:49.709root 11241100x80000000000000004288557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57f266f6e9254662022-01-04 14:22:49.709root 11241100x80000000000000004288558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a732ab217cbdae272022-01-04 14:22:49.709root 11241100x80000000000000004288559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57fef66b8b399692022-01-04 14:22:49.710root 11241100x80000000000000004288560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1431448ee7a2d9bb2022-01-04 14:22:49.710root 11241100x80000000000000004288561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49734d19b298323e2022-01-04 14:22:49.710root 11241100x80000000000000004288562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ed4f488eff0cea2022-01-04 14:22:49.710root 11241100x80000000000000004288563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16960b312d8420e02022-01-04 14:22:49.710root 11241100x80000000000000004288564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e84fe40b993a3e42022-01-04 14:22:49.710root 11241100x80000000000000004288565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55562977e66aaa6f2022-01-04 14:22:49.710root 11241100x80000000000000004288566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9741eadcc6bd51f22022-01-04 14:22:49.710root 11241100x80000000000000004288567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb93dcfc28c21ff62022-01-04 14:22:49.710root 11241100x80000000000000004288568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2c7ff3ca26a07c2022-01-04 14:22:49.710root 11241100x80000000000000004288569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeddaa7e60d3e6362022-01-04 14:22:49.710root 11241100x80000000000000004288570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772b5917ff91f35a2022-01-04 14:22:49.710root 11241100x80000000000000004288571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2e986edcad41d82022-01-04 14:22:49.711root 11241100x80000000000000004288572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6086da46a517c5c32022-01-04 14:22:49.711root 11241100x80000000000000004288573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8733486e66b9c33f2022-01-04 14:22:49.711root 11241100x80000000000000004288574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee560a540f333a62022-01-04 14:22:49.711root 11241100x80000000000000004288575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be5fea362da222a2022-01-04 14:22:49.711root 11241100x80000000000000004288576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5214f9c2557984d32022-01-04 14:22:49.711root 11241100x80000000000000004288577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3ced02ddf3617b2022-01-04 14:22:49.711root 11241100x80000000000000004288578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8e8fdd89eb7dac2022-01-04 14:22:49.711root 11241100x80000000000000004288579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e6300dd2cdfb492022-01-04 14:22:49.711root 11241100x80000000000000004288580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918db28683c36b512022-01-04 14:22:49.711root 11241100x80000000000000004288581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d960522d0bbcce2022-01-04 14:22:49.712root 11241100x80000000000000004288582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec82d55e84dadfd02022-01-04 14:22:49.712root 11241100x80000000000000004288583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bbfeb0269d14822022-01-04 14:22:49.712root 11241100x80000000000000004288584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0172df3f940a762022-01-04 14:22:49.712root 11241100x80000000000000004288585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6430c927ee6c39cd2022-01-04 14:22:49.712root 11241100x80000000000000004288586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05682e1d31eff0752022-01-04 14:22:49.712root 11241100x80000000000000004288587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c4e36e3e8a35c12022-01-04 14:22:49.712root 11241100x80000000000000004288588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a17bd16016dbd1c2022-01-04 14:22:49.712root 11241100x80000000000000004288589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4aa027ad1d32672022-01-04 14:22:49.712root 11241100x80000000000000004288590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8142780030923e2022-01-04 14:22:49.712root 11241100x80000000000000004288591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f855acac615aad692022-01-04 14:22:49.712root 11241100x80000000000000004288592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a797a12feb745de22022-01-04 14:22:49.713root 11241100x80000000000000004288593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316f308b079ef3fa2022-01-04 14:22:49.713root 11241100x80000000000000004288594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe803f2bd1ddb2a62022-01-04 14:22:49.713root 11241100x80000000000000004288595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1166d3f4c122d63c2022-01-04 14:22:49.713root 11241100x80000000000000004288596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66478737516261262022-01-04 14:22:49.713root 11241100x80000000000000004288597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a028160d40aeda2022-01-04 14:22:49.713root 11241100x80000000000000004288598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812fdb439424259f2022-01-04 14:22:49.713root 11241100x80000000000000004288599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8460d7737bfcc2b72022-01-04 14:22:49.713root 11241100x80000000000000004288600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44da2be04c80c372022-01-04 14:22:49.713root 11241100x80000000000000004288601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40d34b427cb90c12022-01-04 14:22:49.713root 11241100x80000000000000004288602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de8678b18bd3bc82022-01-04 14:22:49.714root 11241100x80000000000000004288603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031312404e15167d2022-01-04 14:22:49.714root 11241100x80000000000000004288604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5128e4746776a7e22022-01-04 14:22:49.714root 11241100x80000000000000004288605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67692d28ce2594bd2022-01-04 14:22:49.714root 11241100x80000000000000004288606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6be4216151d9be2022-01-04 14:22:49.714root 11241100x80000000000000004288607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719c864a43becba52022-01-04 14:22:49.714root 11241100x80000000000000004288608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10baf0d50938a0c62022-01-04 14:22:49.714root 11241100x80000000000000004288609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5559424f0312c5ca2022-01-04 14:22:49.714root 11241100x80000000000000004288610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1c464e400582c22022-01-04 14:22:49.714root 11241100x80000000000000004288611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab14e088802e3692022-01-04 14:22:49.714root 11241100x80000000000000004288612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ccc11c814dbbd42022-01-04 14:22:49.715root 11241100x80000000000000004288613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf3173b0b6bd5f32022-01-04 14:22:49.715root 11241100x80000000000000004288614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f2a69eeab83eb02022-01-04 14:22:49.715root 11241100x80000000000000004288615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c1d1bbeffbcc5c2022-01-04 14:22:49.715root 11241100x80000000000000004288616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d421c8f47bcdfb2022-01-04 14:22:49.715root 11241100x80000000000000004288617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cae1438eccb8e52022-01-04 14:22:49.715root 11241100x80000000000000004288618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87564181a2fc48fb2022-01-04 14:22:49.715root 11241100x80000000000000004288619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d7fd519cd2dfad2022-01-04 14:22:49.715root 11241100x80000000000000004288620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52adda6e656b3252022-01-04 14:22:49.715root 11241100x80000000000000004288621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2d12e72770a9fc2022-01-04 14:22:49.715root 11241100x80000000000000004288622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc19c0119b38bdd62022-01-04 14:22:49.715root 11241100x80000000000000004288623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7ab47698e3a7bc2022-01-04 14:22:49.715root 11241100x80000000000000004288624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f1fba63ce413042022-01-04 14:22:49.715root 11241100x80000000000000004288625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:22:49.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb2232665a3575c2022-01-04 14:22:49.716root 11241100x80000000000000004288664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:01.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:23:01.221root 11241100x80000000000000004288665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad80626316441dd82022-01-04 14:23:01.709root 11241100x80000000000000004288666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3a2e8cf46e11052022-01-04 14:23:02.209root 11241100x80000000000000004288667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e2038f4c7377262022-01-04 14:23:02.709root 11241100x80000000000000004288668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92b0374a5aa13c02022-01-04 14:23:03.209root 11241100x80000000000000004288669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624d18a108e368c82022-01-04 14:23:03.709root 354300x80000000000000004288670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:04.047{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41614-false10.0.1.12-8000- 11241100x80000000000000004288671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:04.047{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2cdc888cf2410b2022-01-04 14:23:04.047root 23542300x80000000000000004288672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:04.155{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004288673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229e1aa63e70110e2022-01-04 14:23:04.459root 11241100x80000000000000004288674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df93e64303182522022-01-04 14:23:04.459root 11241100x80000000000000004288675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ce469db4caaa632022-01-04 14:23:04.459root 11241100x80000000000000004288676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba68209f97d56e82022-01-04 14:23:04.959root 11241100x80000000000000004288677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5715dfffb4627c852022-01-04 14:23:04.959root 11241100x80000000000000004288678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1ac1214e8ce6b32022-01-04 14:23:04.959root 11241100x80000000000000004288679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0af8cb4ad6ec6352022-01-04 14:23:05.459root 11241100x80000000000000004288680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e778369eca952f932022-01-04 14:23:05.459root 11241100x80000000000000004288681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088aa63a708d45832022-01-04 14:23:05.459root 11241100x80000000000000004288682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e57a4717055bb12022-01-04 14:23:05.959root 11241100x80000000000000004288683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a59a47f6541aeda2022-01-04 14:23:05.959root 11241100x80000000000000004288684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dbc3c7ffe69c1f2022-01-04 14:23:05.959root 11241100x80000000000000004288685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e032c7d769c5a6dd2022-01-04 14:23:06.459root 11241100x80000000000000004288686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa9026afe9467cc2022-01-04 14:23:06.459root 11241100x80000000000000004288687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbd07d323aa0aba2022-01-04 14:23:06.459root 11241100x80000000000000004288688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94ffbe84faae8f82022-01-04 14:23:06.959root 11241100x80000000000000004288689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23aa080284e89a82022-01-04 14:23:06.959root 11241100x80000000000000004288690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65cab2f35c2be3c2022-01-04 14:23:06.959root 11241100x80000000000000004288691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7be432804281e8a2022-01-04 14:23:07.459root 11241100x80000000000000004288692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe045ffdcb0e6172022-01-04 14:23:07.459root 11241100x80000000000000004288693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8771814fac6507e22022-01-04 14:23:07.459root 11241100x80000000000000004288694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d744487a4b951bf02022-01-04 14:23:07.959root 11241100x80000000000000004288695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699884b9022833082022-01-04 14:23:07.960root 11241100x80000000000000004288696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba06a3a6f8d331b2022-01-04 14:23:07.960root 11241100x80000000000000004288697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccba41ac2262ef02022-01-04 14:23:08.459root 11241100x80000000000000004288698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7897b086e7487ef12022-01-04 14:23:08.459root 11241100x80000000000000004288699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b87c3628ede24022022-01-04 14:23:08.459root 11241100x80000000000000004288700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018b3fb75e2190242022-01-04 14:23:08.959root 11241100x80000000000000004288701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d521ee0ce5d657a2022-01-04 14:23:08.959root 11241100x80000000000000004288702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654966d522a0d8d22022-01-04 14:23:08.959root 354300x80000000000000004288703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.236{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41616-false10.0.1.12-8000- 11241100x80000000000000004288704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4425260738a95aa22022-01-04 14:23:09.236root 11241100x80000000000000004288705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad637e99309c6e12022-01-04 14:23:09.237root 11241100x80000000000000004288706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.237{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf136b7c023bfda52022-01-04 14:23:09.237root 11241100x80000000000000004288707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c39f58c3e72c3c52022-01-04 14:23:09.709root 11241100x80000000000000004288708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f08dcc0f9e55972022-01-04 14:23:09.709root 11241100x80000000000000004288709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5d648ae53b65c2022-01-04 14:23:09.709root 11241100x80000000000000004288710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434242dee71df0822022-01-04 14:23:09.709root 154100x80000000000000004288711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.896{ec2e79f3-584d-61d4-6844-57886c550000}15009/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 534500x80000000000000004288712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:09.912{ec2e79f3-584d-61d4-6844-57886c550000}15009/bin/psroot 11241100x80000000000000004288713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188bfcff5b416b102022-01-04 14:23:10.209root 11241100x80000000000000004288714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416d551dfc1513842022-01-04 14:23:10.209root 11241100x80000000000000004288715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59cbf2a795507332022-01-04 14:23:10.209root 11241100x80000000000000004288716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84297059e0280d962022-01-04 14:23:10.210root 11241100x80000000000000004288717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f75f1eb7608ed782022-01-04 14:23:10.210root 11241100x80000000000000004288718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c20dc5a209ac9ef2022-01-04 14:23:10.210root 11241100x80000000000000004288719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11710a64004509692022-01-04 14:23:10.709root 11241100x80000000000000004288720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9ff1c44538ede12022-01-04 14:23:10.709root 11241100x80000000000000004288721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d141d4c879aba32022-01-04 14:23:10.709root 11241100x80000000000000004288722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ac4da3063b51c2022-01-04 14:23:10.709root 11241100x80000000000000004288723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d096dea94de5ee92022-01-04 14:23:10.709root 11241100x80000000000000004288724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e4c1b8c6d33d382022-01-04 14:23:10.709root 11241100x80000000000000004288725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5219098ede032b2022-01-04 14:23:11.209root 11241100x80000000000000004288726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc3274849d614a82022-01-04 14:23:11.209root 11241100x80000000000000004288727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d936bd411eb7e4a42022-01-04 14:23:11.209root 11241100x80000000000000004288728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78b59546b7a1a232022-01-04 14:23:11.209root 11241100x80000000000000004288729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a97d91a8e5b15be2022-01-04 14:23:11.210root 11241100x80000000000000004288730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bebea9fa1be13732022-01-04 14:23:11.210root 11241100x80000000000000004288731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a94d0f4c1ecc752022-01-04 14:23:11.709root 11241100x80000000000000004288732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3de8454e0162bd2022-01-04 14:23:11.709root 11241100x80000000000000004288733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cbd5883542b41a2022-01-04 14:23:11.709root 11241100x80000000000000004288734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbe87657e4e26c12022-01-04 14:23:11.709root 11241100x80000000000000004288735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e48a81cbad334d12022-01-04 14:23:11.709root 11241100x80000000000000004288736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7b428ed4cb524b2022-01-04 14:23:11.709root 11241100x80000000000000004288737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f580d8da44bc9aa62022-01-04 14:23:12.209root 11241100x80000000000000004288738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e6b560a2d897902022-01-04 14:23:12.209root 11241100x80000000000000004288739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1a18945fbb13442022-01-04 14:23:12.209root 11241100x80000000000000004288740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2727f5cb617178f32022-01-04 14:23:12.209root 11241100x80000000000000004288741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3142c933f55fd6c2022-01-04 14:23:12.209root 11241100x80000000000000004288742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1aa05495fde049e2022-01-04 14:23:12.209root 11241100x80000000000000004288743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d5a6a888865a9c2022-01-04 14:23:12.709root 11241100x80000000000000004288744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b5922c0b2b78cf2022-01-04 14:23:12.709root 11241100x80000000000000004288745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8045a14e60d41a92022-01-04 14:23:12.710root 11241100x80000000000000004288746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8991b7f221444c1e2022-01-04 14:23:12.710root 11241100x80000000000000004288747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a429b166a9d50f7c2022-01-04 14:23:12.710root 11241100x80000000000000004288748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a99ea5c554a3602022-01-04 14:23:12.710root 11241100x80000000000000004288749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f80b9e9db2d83f2022-01-04 14:23:13.209root 11241100x80000000000000004288750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700b88fa0f60241c2022-01-04 14:23:13.209root 11241100x80000000000000004288751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6216fbcb538385212022-01-04 14:23:13.209root 11241100x80000000000000004288752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c7d5cca09dec322022-01-04 14:23:13.210root 11241100x80000000000000004288753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ea04b8a168e7182022-01-04 14:23:13.210root 11241100x80000000000000004288754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ac12f962ef20e92022-01-04 14:23:13.210root 11241100x80000000000000004288755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65c56aacd551b232022-01-04 14:23:13.709root 11241100x80000000000000004288756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac106ce9ee4329d2022-01-04 14:23:13.709root 11241100x80000000000000004288757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f834692c61ddaf22022-01-04 14:23:13.709root 11241100x80000000000000004288758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca6bec90c4beca82022-01-04 14:23:13.709root 11241100x80000000000000004288759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363f15cb14c9dcea2022-01-04 14:23:13.709root 11241100x80000000000000004288760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0a5046d664c5462022-01-04 14:23:13.709root 11241100x80000000000000004288761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faafb1599963aad12022-01-04 14:23:14.209root 11241100x80000000000000004288762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40475d6d78ffd9ec2022-01-04 14:23:14.209root 11241100x80000000000000004288763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7942b3565970d4502022-01-04 14:23:14.209root 11241100x80000000000000004288764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f8e0bf09eead052022-01-04 14:23:14.209root 11241100x80000000000000004288765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373063684ea947f72022-01-04 14:23:14.209root 11241100x80000000000000004288766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a72c84d68a04f32022-01-04 14:23:14.209root 11241100x80000000000000004288767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653a9c166fac076d2022-01-04 14:23:14.709root 11241100x80000000000000004288768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4feb225919e6e2f52022-01-04 14:23:14.709root 11241100x80000000000000004288769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ef229af5f7f9fb2022-01-04 14:23:14.710root 11241100x80000000000000004288770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7559c51aad04f7202022-01-04 14:23:14.710root 11241100x80000000000000004288771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a46e5850acacfb2022-01-04 14:23:14.711root 11241100x80000000000000004288772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:23:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b706c44e967d1732022-01-04 14:23:14.711root