11241100x80000000000000004276118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6f803c9542e3672022-01-04 14:18:15.459root 11241100x80000000000000004276119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79557e1de06fda22022-01-04 14:18:15.459root 11241100x80000000000000004276120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88acb1bb811e7082022-01-04 14:18:15.460root 11241100x80000000000000004276121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd501884df943e942022-01-04 14:18:15.460root 11241100x80000000000000004276122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cf51a9ae25b5d42022-01-04 14:18:15.460root 11241100x80000000000000004276123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f921bf982d743302022-01-04 14:18:15.460root 11241100x80000000000000004276124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7480ebb9e74e82c2022-01-04 14:18:15.460root 11241100x80000000000000004276125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54f1685da05e6f62022-01-04 14:18:15.460root 11241100x80000000000000004276126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02525cdc606e85c22022-01-04 14:18:15.460root 11241100x80000000000000004276127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad615a4b2f5d9a442022-01-04 14:18:15.461root 11241100x80000000000000004276128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90589aa0824fe7c62022-01-04 14:18:15.461root 11241100x80000000000000004276129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e2a13a207f2f142022-01-04 14:18:15.461root 11241100x80000000000000004276130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82da6b07dcabc7a2022-01-04 14:18:15.461root 11241100x80000000000000004276131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888e37786dfb1042022-01-04 14:18:15.461root 11241100x80000000000000004276132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d95ca09a8ca99502022-01-04 14:18:15.461root 11241100x80000000000000004276133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a22cc08cc845f32022-01-04 14:18:15.461root 11241100x80000000000000004276134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3575bb0436635fa2022-01-04 14:18:15.461root 11241100x80000000000000004276135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13295c85c9b75a5a2022-01-04 14:18:15.461root 11241100x80000000000000004276136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bf1885d596ec492022-01-04 14:18:15.461root 11241100x80000000000000004276137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e73eaa4c40beb22022-01-04 14:18:15.960root 11241100x80000000000000004276138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7bc9eee49e45f02022-01-04 14:18:15.960root 11241100x80000000000000004276139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224ba931864836ea2022-01-04 14:18:15.960root 11241100x80000000000000004276140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c770a0d0e227bd2022-01-04 14:18:15.960root 11241100x80000000000000004276141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b326ecafbabf4fb02022-01-04 14:18:15.960root 11241100x80000000000000004276142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86236dd5e112745b2022-01-04 14:18:15.960root 11241100x80000000000000004276143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de23cdf36bb81e42022-01-04 14:18:15.960root 11241100x80000000000000004276144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59393b14c7838cc72022-01-04 14:18:15.960root 11241100x80000000000000004276145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6667eea436f1432022-01-04 14:18:15.961root 11241100x80000000000000004276146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7459cdf077e319d2022-01-04 14:18:15.961root 11241100x80000000000000004276147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c00942a6c496e82022-01-04 14:18:15.961root 11241100x80000000000000004276148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bca4fca47d694ff2022-01-04 14:18:15.961root 11241100x80000000000000004276149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0506dbde82820aac2022-01-04 14:18:15.961root 11241100x80000000000000004276150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2862ac336900f82022-01-04 14:18:15.962root 11241100x80000000000000004276151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b1f50699e6356c2022-01-04 14:18:15.962root 11241100x80000000000000004276152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af64172436f5fc52022-01-04 14:18:15.962root 11241100x80000000000000004276153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6af2b55e8da6a5e2022-01-04 14:18:15.962root 11241100x80000000000000004276154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a85cd30885b5f12022-01-04 14:18:15.962root 11241100x80000000000000004276155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:15.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e1b95de24700162022-01-04 14:18:15.962root 11241100x80000000000000004276156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0122f34eb02ff87a2022-01-04 14:18:16.460root 11241100x80000000000000004276157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac7541a3a0cd5d02022-01-04 14:18:16.460root 11241100x80000000000000004276158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1272d3441aae60a82022-01-04 14:18:16.460root 11241100x80000000000000004276159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac5709ad10ca4172022-01-04 14:18:16.460root 11241100x80000000000000004276160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a703ab3d05f3662022-01-04 14:18:16.460root 11241100x80000000000000004276161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2b79005b5cc8982022-01-04 14:18:16.460root 11241100x80000000000000004276162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0893f4a69d2cb52022-01-04 14:18:16.460root 11241100x80000000000000004276163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154f325a97d48df02022-01-04 14:18:16.460root 11241100x80000000000000004276164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed7b86b97bc54292022-01-04 14:18:16.460root 11241100x80000000000000004276165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bce80082d5d6ae12022-01-04 14:18:16.460root 11241100x80000000000000004276166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22c0b7a9c7e81ec2022-01-04 14:18:16.460root 11241100x80000000000000004276167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ded1c097498b852022-01-04 14:18:16.460root 11241100x80000000000000004276168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87742e28d11445242022-01-04 14:18:16.460root 11241100x80000000000000004276169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100d84725156bf5e2022-01-04 14:18:16.461root 11241100x80000000000000004276170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8caf9ed27f76d52022-01-04 14:18:16.461root 11241100x80000000000000004276171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6c8eca8aa240802022-01-04 14:18:16.461root 11241100x80000000000000004276172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299dee1843f9374c2022-01-04 14:18:16.461root 11241100x80000000000000004276173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4883c4fbacfa5b2022-01-04 14:18:16.461root 11241100x80000000000000004276174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb0291edddb6ca02022-01-04 14:18:16.461root 11241100x80000000000000004276175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5ab81b127691f92022-01-04 14:18:16.959root 11241100x80000000000000004276176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3010e19dc2e07c2022-01-04 14:18:16.960root 11241100x80000000000000004276177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9a941b78288e7f2022-01-04 14:18:16.960root 11241100x80000000000000004276178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132c770769e23b982022-01-04 14:18:16.960root 11241100x80000000000000004276179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cfca85d7cb0d1b2022-01-04 14:18:16.960root 11241100x80000000000000004276180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f55a6fd704f0652022-01-04 14:18:16.960root 11241100x80000000000000004276181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78db9b87b03c03e2022-01-04 14:18:16.960root 11241100x80000000000000004276182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2556ab7b587ec4de2022-01-04 14:18:16.960root 11241100x80000000000000004276183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15bc93783b9ce8b2022-01-04 14:18:16.960root 11241100x80000000000000004276184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d0ed91ced5e1d62022-01-04 14:18:16.960root 11241100x80000000000000004276185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b619f1a29d09af2022-01-04 14:18:16.960root 11241100x80000000000000004276186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3a05f6132194fa2022-01-04 14:18:16.960root 11241100x80000000000000004276187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cd72587834a1162022-01-04 14:18:16.960root 11241100x80000000000000004276188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe94f4c2c93cac72022-01-04 14:18:16.961root 11241100x80000000000000004276189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2fe5258fff0622022-01-04 14:18:16.961root 11241100x80000000000000004276190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ce0a48414c480d2022-01-04 14:18:16.961root 11241100x80000000000000004276191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f050198db1f934f2022-01-04 14:18:16.961root 11241100x80000000000000004276192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931779bcd988d1312022-01-04 14:18:16.961root 11241100x80000000000000004276193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:16.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a49b51f6ee3f9572022-01-04 14:18:16.961root 11241100x80000000000000004276194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0420b94ef290011d2022-01-04 14:18:17.459root 11241100x80000000000000004276195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2125438d7ad4be6e2022-01-04 14:18:17.459root 11241100x80000000000000004276196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5952b2c800adcaf62022-01-04 14:18:17.460root 11241100x80000000000000004276197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed996b8bfcff1b62022-01-04 14:18:17.460root 11241100x80000000000000004276198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d8751b1d53f2b82022-01-04 14:18:17.460root 11241100x80000000000000004276199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c71f4b79f2616db2022-01-04 14:18:17.460root 11241100x80000000000000004276200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3356e2ac2626f8382022-01-04 14:18:17.460root 11241100x80000000000000004276201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc5e5a16800519a2022-01-04 14:18:17.460root 11241100x80000000000000004276202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc25dd5a88fe53d92022-01-04 14:18:17.460root 11241100x80000000000000004276203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3d9f0074d757d52022-01-04 14:18:17.460root 11241100x80000000000000004276204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32df0360fd2b35eb2022-01-04 14:18:17.460root 11241100x80000000000000004276205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4797e7034141a02022-01-04 14:18:17.460root 11241100x80000000000000004276206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8da35803762212a2022-01-04 14:18:17.461root 11241100x80000000000000004276207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56d8bc3b8d7064b2022-01-04 14:18:17.461root 11241100x80000000000000004276208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9292f643c56531fd2022-01-04 14:18:17.461root 11241100x80000000000000004276209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b53ffa665b17a2a2022-01-04 14:18:17.461root 11241100x80000000000000004276210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0a90e8f5e8ae1d2022-01-04 14:18:17.461root 11241100x80000000000000004276211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc7dade51f178fc2022-01-04 14:18:17.461root 11241100x80000000000000004276212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eca797751bc428c2022-01-04 14:18:17.461root 11241100x80000000000000004276213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910774ff2bf0e35e2022-01-04 14:18:17.960root 11241100x80000000000000004276214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a03c5e2662ad312022-01-04 14:18:17.960root 11241100x80000000000000004276215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d76ca952e99b8d2022-01-04 14:18:17.960root 11241100x80000000000000004276216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2341b41a8242241b2022-01-04 14:18:17.960root 11241100x80000000000000004276217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d876de1f15eeb502022-01-04 14:18:17.960root 11241100x80000000000000004276218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ab61c13ba85ba52022-01-04 14:18:17.960root 11241100x80000000000000004276219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eba9b7dd47be79c2022-01-04 14:18:17.960root 11241100x80000000000000004276220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f410af022c3ee42022-01-04 14:18:17.960root 11241100x80000000000000004276221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a62ec0c3cd81fe52022-01-04 14:18:17.960root 11241100x80000000000000004276222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091f3dc249e2e41c2022-01-04 14:18:17.960root 11241100x80000000000000004276223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7a8c169eebcf6a2022-01-04 14:18:17.960root 11241100x80000000000000004276224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4ec06edae86ab72022-01-04 14:18:17.961root 11241100x80000000000000004276225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e1965cc407a73f2022-01-04 14:18:17.961root 11241100x80000000000000004276226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4c6cb0655af6802022-01-04 14:18:17.961root 11241100x80000000000000004276227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716932f06b7589642022-01-04 14:18:17.961root 11241100x80000000000000004276228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb6f2ec9657a0b62022-01-04 14:18:17.961root 11241100x80000000000000004276229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1b037c9d73a4822022-01-04 14:18:17.961root 11241100x80000000000000004276230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfce4ba4dd2c8742022-01-04 14:18:17.961root 11241100x80000000000000004276231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f362e514bac4d5862022-01-04 14:18:17.961root 11241100x80000000000000004276232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae4fe6e31077d8f2022-01-04 14:18:18.459root 11241100x80000000000000004276233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d41041d24537782022-01-04 14:18:18.460root 11241100x80000000000000004276234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac358cf344c01fa2022-01-04 14:18:18.460root 11241100x80000000000000004276235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f30d796f4fd6ae2022-01-04 14:18:18.460root 11241100x80000000000000004276236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bd7b0078628de12022-01-04 14:18:18.460root 11241100x80000000000000004276237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a21a65cf37c9aac2022-01-04 14:18:18.460root 11241100x80000000000000004276238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961b15b6b68e8fa82022-01-04 14:18:18.460root 11241100x80000000000000004276239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1a0d8189f7e4d52022-01-04 14:18:18.460root 11241100x80000000000000004276240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e40d3ebf699bb6c2022-01-04 14:18:18.460root 11241100x80000000000000004276241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2141e5cc29c3b5092022-01-04 14:18:18.460root 11241100x80000000000000004276242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d351ac5643f0c4b62022-01-04 14:18:18.461root 11241100x80000000000000004276243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bd0d9406a5ad232022-01-04 14:18:18.461root 11241100x80000000000000004276244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde209ed445f43c02022-01-04 14:18:18.461root 11241100x80000000000000004276245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb39c008e0d7c1c2022-01-04 14:18:18.461root 11241100x80000000000000004276246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8acc84bf4488d0c2022-01-04 14:18:18.461root 11241100x80000000000000004276247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc082dd13ac6371e2022-01-04 14:18:18.461root 11241100x80000000000000004276248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af5287f7c0b82672022-01-04 14:18:18.461root 11241100x80000000000000004276249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b0406bd143baa52022-01-04 14:18:18.461root 11241100x80000000000000004276250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca816727776dc472022-01-04 14:18:18.462root 11241100x80000000000000004276251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6892cab569b60f182022-01-04 14:18:18.960root 11241100x80000000000000004276252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c5dec7bb9a5fdd2022-01-04 14:18:18.960root 11241100x80000000000000004276253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc93986fd932dd62022-01-04 14:18:18.960root 11241100x80000000000000004276254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8917e4fd905e1c2022-01-04 14:18:18.960root 11241100x80000000000000004276255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2aeef02e9a80772022-01-04 14:18:18.960root 11241100x80000000000000004276256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181e39fa3f100a892022-01-04 14:18:18.960root 11241100x80000000000000004276257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0ae273eeb81e4c2022-01-04 14:18:18.960root 11241100x80000000000000004276258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfe068d6734a1f02022-01-04 14:18:18.960root 11241100x80000000000000004276259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92c5af57f695d482022-01-04 14:18:18.960root 11241100x80000000000000004276260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12439a53c5025b842022-01-04 14:18:18.960root 11241100x80000000000000004276261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fab0fb67e82e08b2022-01-04 14:18:18.960root 11241100x80000000000000004276262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbdaa22b076c32e2022-01-04 14:18:18.960root 11241100x80000000000000004276263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15b86980605436e2022-01-04 14:18:18.960root 11241100x80000000000000004276264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e162fcbf8530fd2022-01-04 14:18:18.961root 11241100x80000000000000004276265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe11f500a9288922022-01-04 14:18:18.961root 11241100x80000000000000004276266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653802fea1d5c9f42022-01-04 14:18:18.961root 11241100x80000000000000004276267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10648a79bed1ce802022-01-04 14:18:18.961root 11241100x80000000000000004276268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e80a24dd5fb4e442022-01-04 14:18:18.961root 11241100x80000000000000004276269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2ba49a880dfa6e2022-01-04 14:18:18.961root 11241100x80000000000000004276270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68959eeea9c3a38e2022-01-04 14:18:19.460root 11241100x80000000000000004276271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac309019ed4090902022-01-04 14:18:19.460root 11241100x80000000000000004276272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d891613f38bf357b2022-01-04 14:18:19.460root 11241100x80000000000000004276273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d7ae5c65ea83a42022-01-04 14:18:19.460root 11241100x80000000000000004276274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365d710718c32302022-01-04 14:18:19.460root 11241100x80000000000000004276275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c444ef67d1a1532022-01-04 14:18:19.460root 11241100x80000000000000004276276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f72a269ef4ec0e62022-01-04 14:18:19.460root 11241100x80000000000000004276277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5484bd092b9212ac2022-01-04 14:18:19.460root 11241100x80000000000000004276278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193ebd5f5262f62c2022-01-04 14:18:19.460root 11241100x80000000000000004276279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7249f7372ed632022-01-04 14:18:19.460root 11241100x80000000000000004276280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be00a04b68bbc192022-01-04 14:18:19.460root 11241100x80000000000000004276281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff5040b3fccb76c2022-01-04 14:18:19.461root 11241100x80000000000000004276282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57b8120e4d276712022-01-04 14:18:19.461root 11241100x80000000000000004276283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d32205e5912bef2022-01-04 14:18:19.461root 11241100x80000000000000004276284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e16edf2799bead2022-01-04 14:18:19.461root 11241100x80000000000000004276285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7412777549356e9f2022-01-04 14:18:19.461root 11241100x80000000000000004276286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1d2318cd695a6c2022-01-04 14:18:19.461root 11241100x80000000000000004276287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e80cc62b9573f7a2022-01-04 14:18:19.461root 11241100x80000000000000004276288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9daa379531436a12022-01-04 14:18:19.461root 11241100x80000000000000004276289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22b26dae374ed942022-01-04 14:18:19.959root 11241100x80000000000000004276290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982a8e394979f972022-01-04 14:18:19.959root 11241100x80000000000000004276291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7072fde850f4dc42022-01-04 14:18:19.959root 11241100x80000000000000004276292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c4d0823ac3dc02022-01-04 14:18:19.959root 11241100x80000000000000004276293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199a20b269789d182022-01-04 14:18:19.960root 11241100x80000000000000004276294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a9fadf33015bad2022-01-04 14:18:19.960root 11241100x80000000000000004276295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903f128746b0b1292022-01-04 14:18:19.960root 11241100x80000000000000004276296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417bc1ca665ba11f2022-01-04 14:18:19.960root 11241100x80000000000000004276297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdfc4071ecc39cd2022-01-04 14:18:19.960root 11241100x80000000000000004276298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efff2221c5562ff2022-01-04 14:18:19.960root 11241100x80000000000000004276299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fda60c5f1839992022-01-04 14:18:19.960root 11241100x80000000000000004276300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1540bf993c3a0d7c2022-01-04 14:18:19.961root 11241100x80000000000000004276301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014f2bb38c2b188e2022-01-04 14:18:19.961root 11241100x80000000000000004276302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afe631b581a687e2022-01-04 14:18:19.961root 11241100x80000000000000004276303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a2b7547f2f8d3a2022-01-04 14:18:19.961root 11241100x80000000000000004276304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79e77cd272a805b2022-01-04 14:18:19.961root 11241100x80000000000000004276305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73db291dfdd2c7c2022-01-04 14:18:19.961root 11241100x80000000000000004276306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2193c11de0b3122022-01-04 14:18:19.961root 11241100x80000000000000004276307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e38a1b9371025d62022-01-04 14:18:19.962root 354300x80000000000000004276308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.032{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41498-false10.0.1.12-8000- 11241100x80000000000000004276309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c390ba15e8f00f2022-01-04 14:18:20.459root 11241100x80000000000000004276310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd903c83e469cab2022-01-04 14:18:20.459root 11241100x80000000000000004276311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6a03e8c2f5f4432022-01-04 14:18:20.460root 11241100x80000000000000004276312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59e30feb82f29272022-01-04 14:18:20.460root 11241100x80000000000000004276313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb01319eec9cd492022-01-04 14:18:20.460root 11241100x80000000000000004276314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b4ee8abc996d552022-01-04 14:18:20.460root 11241100x80000000000000004276315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50504ca3c4cd4b362022-01-04 14:18:20.460root 11241100x80000000000000004276316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97283734d8e152852022-01-04 14:18:20.460root 11241100x80000000000000004276317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1c633aa7075d702022-01-04 14:18:20.461root 11241100x80000000000000004276318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc81545b5562982022-01-04 14:18:20.461root 11241100x80000000000000004276319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033d1dfcdadef3c22022-01-04 14:18:20.461root 11241100x80000000000000004276320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08386479c696da452022-01-04 14:18:20.461root 11241100x80000000000000004276321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f27b8cae30584de2022-01-04 14:18:20.461root 11241100x80000000000000004276322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d6f9b20315a7102022-01-04 14:18:20.461root 11241100x80000000000000004276323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe9abdc1c57de4f2022-01-04 14:18:20.461root 11241100x80000000000000004276324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012ad816b189ff822022-01-04 14:18:20.461root 11241100x80000000000000004276325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29640a4be0e6f8fc2022-01-04 14:18:20.461root 11241100x80000000000000004276326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691043ac2cd3f07a2022-01-04 14:18:20.461root 11241100x80000000000000004276327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e89401e75b6a27b2022-01-04 14:18:20.461root 11241100x80000000000000004276328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aac192cabd2f362022-01-04 14:18:20.462root 11241100x80000000000000004276329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c811caa4697733f2022-01-04 14:18:20.462root 11241100x80000000000000004276330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be08caf06cd3901b2022-01-04 14:18:20.959root 11241100x80000000000000004276331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab155adbf20ffc1a2022-01-04 14:18:20.960root 11241100x80000000000000004276332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633010f662504c002022-01-04 14:18:20.960root 11241100x80000000000000004276333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52970d988ae57bb2022-01-04 14:18:20.960root 11241100x80000000000000004276334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9abf8370712300e2022-01-04 14:18:20.960root 11241100x80000000000000004276335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f3d40849c4c5892022-01-04 14:18:20.961root 11241100x80000000000000004276336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d46f4bd3239dda2022-01-04 14:18:20.961root 11241100x80000000000000004276337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91665db38f5194e2022-01-04 14:18:20.961root 11241100x80000000000000004276338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dff03f79d890712022-01-04 14:18:20.961root 11241100x80000000000000004276339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb161189559a732022-01-04 14:18:20.961root 11241100x80000000000000004276340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4797ce52df350d962022-01-04 14:18:20.961root 11241100x80000000000000004276341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e894bec5ce31f62022-01-04 14:18:20.961root 11241100x80000000000000004276342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f845791801af6df22022-01-04 14:18:20.961root 11241100x80000000000000004276343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3cea745e791efd2022-01-04 14:18:20.961root 11241100x80000000000000004276344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcb53323fed31fc2022-01-04 14:18:20.961root 11241100x80000000000000004276345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c103af0c47dff2d32022-01-04 14:18:20.961root 11241100x80000000000000004276346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39363b6e148d1db42022-01-04 14:18:20.961root 11241100x80000000000000004276347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834e8ba90366a21f2022-01-04 14:18:20.962root 11241100x80000000000000004276348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380647f9cb8b86db2022-01-04 14:18:20.962root 11241100x80000000000000004276349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d01d142f44241de2022-01-04 14:18:20.962root 11241100x80000000000000004276350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7e99561dd6f0202022-01-04 14:18:21.460root 11241100x80000000000000004276351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8274115160c2596d2022-01-04 14:18:21.460root 11241100x80000000000000004276352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4568a65e2d4447d42022-01-04 14:18:21.460root 11241100x80000000000000004276353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b870736ed9187d2022-01-04 14:18:21.460root 11241100x80000000000000004276354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acff1829f4191a902022-01-04 14:18:21.460root 11241100x80000000000000004276355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e3ed9f3c06c8a62022-01-04 14:18:21.461root 11241100x80000000000000004276356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad083cdb6007676d2022-01-04 14:18:21.461root 11241100x80000000000000004276357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1639ea344683ddd22022-01-04 14:18:21.461root 11241100x80000000000000004276358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb32fe08dc80c942022-01-04 14:18:21.461root 11241100x80000000000000004276359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0730a5661dea3efb2022-01-04 14:18:21.461root 11241100x80000000000000004276360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649be4906da761042022-01-04 14:18:21.462root 11241100x80000000000000004276361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc5eee1d25010252022-01-04 14:18:21.462root 11241100x80000000000000004276362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1f4a597947c6382022-01-04 14:18:21.462root 11241100x80000000000000004276363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1b17d3d066edcc2022-01-04 14:18:21.462root 11241100x80000000000000004276364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b13938c9bc5380f2022-01-04 14:18:21.462root 11241100x80000000000000004276365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1075f81bd489442022-01-04 14:18:21.462root 11241100x80000000000000004276366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9bb120abf2a9052022-01-04 14:18:21.462root 11241100x80000000000000004276367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953900afd52a56142022-01-04 14:18:21.463root 11241100x80000000000000004276368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ea726ec79a08852022-01-04 14:18:21.463root 11241100x80000000000000004276369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8106c67a83ecca142022-01-04 14:18:21.463root 11241100x80000000000000004276370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff923edb6fde06e2022-01-04 14:18:21.959root 11241100x80000000000000004276371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178f706cd8c35f2a2022-01-04 14:18:21.960root 11241100x80000000000000004276372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1645004aa0a59ba2022-01-04 14:18:21.960root 11241100x80000000000000004276373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca88ebc81c0c75b2022-01-04 14:18:21.960root 11241100x80000000000000004276374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ecf1874a164c922022-01-04 14:18:21.960root 11241100x80000000000000004276375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730a3b8d1a35c5202022-01-04 14:18:21.960root 11241100x80000000000000004276376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927aabd76f00dfda2022-01-04 14:18:21.960root 11241100x80000000000000004276377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408f54063dce910f2022-01-04 14:18:21.960root 11241100x80000000000000004276378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b84f7186c1c3912022-01-04 14:18:21.960root 11241100x80000000000000004276379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb217dcfe8de09b2022-01-04 14:18:21.960root 11241100x80000000000000004276380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957a4f450815af282022-01-04 14:18:21.960root 11241100x80000000000000004276381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffad64e735d57e32022-01-04 14:18:21.960root 11241100x80000000000000004276382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b0f55da19aa3242022-01-04 14:18:21.960root 11241100x80000000000000004276383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fa3488298025b62022-01-04 14:18:21.960root 11241100x80000000000000004276384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04601b768f6aa2182022-01-04 14:18:21.960root 11241100x80000000000000004276385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ac2c8fee848e332022-01-04 14:18:21.961root 11241100x80000000000000004276386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5d58d4e2b94bdb2022-01-04 14:18:21.961root 11241100x80000000000000004276387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1ac819a08df1ac2022-01-04 14:18:21.961root 11241100x80000000000000004276388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98c3ce216a788a92022-01-04 14:18:21.961root 11241100x80000000000000004276389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593aaea2806a77502022-01-04 14:18:21.961root 11241100x80000000000000004276390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d4d7dc069799c52022-01-04 14:18:22.460root 11241100x80000000000000004276391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd5f34ca5060f02022-01-04 14:18:22.460root 11241100x80000000000000004276392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515380cbdf96df1e2022-01-04 14:18:22.460root 11241100x80000000000000004276393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d16bbc62144c362022-01-04 14:18:22.460root 11241100x80000000000000004276394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4b8b2795a01c012022-01-04 14:18:22.460root 11241100x80000000000000004276395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9d259b38c7fbfa2022-01-04 14:18:22.460root 11241100x80000000000000004276396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4f8bed78b0790c2022-01-04 14:18:22.460root 11241100x80000000000000004276397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62aa9ab2394d3732022-01-04 14:18:22.460root 11241100x80000000000000004276398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126d455aa3b72bac2022-01-04 14:18:22.460root 11241100x80000000000000004276399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ce621bdfd2c5612022-01-04 14:18:22.460root 11241100x80000000000000004276400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c97fd9f4c8964b2022-01-04 14:18:22.460root 11241100x80000000000000004276401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636539524fc1772f2022-01-04 14:18:22.460root 11241100x80000000000000004276402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8e95e7caf26bf52022-01-04 14:18:22.461root 11241100x80000000000000004276403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c4708cff5f80812022-01-04 14:18:22.461root 11241100x80000000000000004276404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88423871a6411b7c2022-01-04 14:18:22.461root 11241100x80000000000000004276405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c9d3c8a10a62352022-01-04 14:18:22.461root 11241100x80000000000000004276406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1234dd10c579cdf52022-01-04 14:18:22.461root 11241100x80000000000000004276407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23822bdfc6b3fe882022-01-04 14:18:22.461root 11241100x80000000000000004276408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e999d8c1b5082c6f2022-01-04 14:18:22.461root 11241100x80000000000000004276409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96056de162f12fc92022-01-04 14:18:22.461root 11241100x80000000000000004276410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7055f89bbf9ccacc2022-01-04 14:18:22.960root 11241100x80000000000000004276411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67212cb61c955132022-01-04 14:18:22.960root 11241100x80000000000000004276412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a081bcd25b399a2022-01-04 14:18:22.960root 11241100x80000000000000004276413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd35a416d1ae7b62022-01-04 14:18:22.960root 11241100x80000000000000004276414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365c6a4e11271e02022-01-04 14:18:22.960root 11241100x80000000000000004276415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96dfe8105e8c6102022-01-04 14:18:22.960root 11241100x80000000000000004276416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7007794bafed34262022-01-04 14:18:22.960root 11241100x80000000000000004276417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35fe7155ff719662022-01-04 14:18:22.960root 11241100x80000000000000004276418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72525a49eb9570932022-01-04 14:18:22.960root 11241100x80000000000000004276419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba827078e4db56dd2022-01-04 14:18:22.960root 11241100x80000000000000004276420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f787a16cc19f69822022-01-04 14:18:22.961root 11241100x80000000000000004276421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b67c9d6fa1564032022-01-04 14:18:22.961root 11241100x80000000000000004276422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb506fb9a2b632002022-01-04 14:18:22.961root 11241100x80000000000000004276423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a217d36c8fc5c7b02022-01-04 14:18:22.961root 11241100x80000000000000004276424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621dfb6dbdc6833e2022-01-04 14:18:22.961root 11241100x80000000000000004276425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f7978c84e837c62022-01-04 14:18:22.961root 11241100x80000000000000004276426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20c9a36e9d8e9d2022-01-04 14:18:22.961root 11241100x80000000000000004276427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35941bb9935e933f2022-01-04 14:18:22.961root 11241100x80000000000000004276428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da5361b22247cfa2022-01-04 14:18:22.961root 11241100x80000000000000004276429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c998ede2159048642022-01-04 14:18:22.961root 11241100x80000000000000004276430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88da97acd7a29f872022-01-04 14:18:23.460root 11241100x80000000000000004276431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a543500524f4222022-01-04 14:18:23.460root 11241100x80000000000000004276432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122902a84c1c14cc2022-01-04 14:18:23.460root 11241100x80000000000000004276433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf63601a4deddd712022-01-04 14:18:23.460root 11241100x80000000000000004276434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91ea1392ad4671c2022-01-04 14:18:23.460root 11241100x80000000000000004276435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b026f6739278db642022-01-04 14:18:23.460root 11241100x80000000000000004276436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953e41462d3e0a7e2022-01-04 14:18:23.460root 11241100x80000000000000004276437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287f193f53b84aab2022-01-04 14:18:23.460root 11241100x80000000000000004276438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffc4d25043f12f72022-01-04 14:18:23.460root 11241100x80000000000000004276439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e58da96e0f6cd02022-01-04 14:18:23.460root 11241100x80000000000000004276440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c93fdbd6b5666482022-01-04 14:18:23.460root 11241100x80000000000000004276441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1df8ef3cc006b52022-01-04 14:18:23.460root 11241100x80000000000000004276442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb52381152d7f8812022-01-04 14:18:23.460root 11241100x80000000000000004276443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a89ac93130f9e672022-01-04 14:18:23.461root 11241100x80000000000000004276444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd34d5c75ab146892022-01-04 14:18:23.461root 11241100x80000000000000004276445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042d3c96a1ece2d92022-01-04 14:18:23.461root 11241100x80000000000000004276446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ce18974ace6da92022-01-04 14:18:23.461root 11241100x80000000000000004276447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429cd8a281aac82e2022-01-04 14:18:23.461root 11241100x80000000000000004276448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7660251588f62d2a2022-01-04 14:18:23.461root 11241100x80000000000000004276449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b690eec6ca10b892022-01-04 14:18:23.461root 11241100x80000000000000004276450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e082c798795b302022-01-04 14:18:23.959root 11241100x80000000000000004276451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2bb80284e361342022-01-04 14:18:23.959root 11241100x80000000000000004276452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb5e1835ff9125c2022-01-04 14:18:23.959root 11241100x80000000000000004276453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ecfd5aba5a87402022-01-04 14:18:23.959root 11241100x80000000000000004276454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32e4fa4639487bc2022-01-04 14:18:23.959root 11241100x80000000000000004276455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba725975193e0c962022-01-04 14:18:23.960root 11241100x80000000000000004276456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f2a30143b5d7ff2022-01-04 14:18:23.960root 11241100x80000000000000004276457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a78ddde2f0b3d282022-01-04 14:18:23.960root 11241100x80000000000000004276458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22b9fe2ed6381242022-01-04 14:18:23.960root 11241100x80000000000000004276459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cf08ee331f080a2022-01-04 14:18:23.960root 11241100x80000000000000004276460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca32d4e231eae7672022-01-04 14:18:23.960root 11241100x80000000000000004276461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffde575be18c3362022-01-04 14:18:23.960root 11241100x80000000000000004276462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3767a7b53c3c80fc2022-01-04 14:18:23.960root 11241100x80000000000000004276463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeee24a901d50e022022-01-04 14:18:23.960root 11241100x80000000000000004276464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063e1e4f4e7866822022-01-04 14:18:23.960root 11241100x80000000000000004276465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7265000e46c541fb2022-01-04 14:18:23.960root 11241100x80000000000000004276466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33caf4f787135e92022-01-04 14:18:23.960root 11241100x80000000000000004276467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e6619a2f5853442022-01-04 14:18:23.960root 11241100x80000000000000004276468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf64556ad0c5d412022-01-04 14:18:23.960root 11241100x80000000000000004276469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df06522a9a95b6c2022-01-04 14:18:23.961root 11241100x80000000000000004276470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96c2a353c62c91e2022-01-04 14:18:23.961root 11241100x80000000000000004276471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b11d1b7ae5260a2022-01-04 14:18:24.459root 11241100x80000000000000004276472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1beb06e9cf57702022-01-04 14:18:24.459root 11241100x80000000000000004276473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d1311055ebdf682022-01-04 14:18:24.460root 11241100x80000000000000004276474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71847b5df5b08802022-01-04 14:18:24.460root 11241100x80000000000000004276475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1d382702e98afd2022-01-04 14:18:24.460root 11241100x80000000000000004276476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fc0842bf389ee92022-01-04 14:18:24.460root 11241100x80000000000000004276477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29909c3d84e7174b2022-01-04 14:18:24.460root 11241100x80000000000000004276478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7a4ac29be5f8ad2022-01-04 14:18:24.460root 11241100x80000000000000004276479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4b2fe858431c0d2022-01-04 14:18:24.460root 11241100x80000000000000004276480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea14f43360101202022-01-04 14:18:24.460root 11241100x80000000000000004276481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291d862114dc946b2022-01-04 14:18:24.460root 11241100x80000000000000004276482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1081a6c2144ab27a2022-01-04 14:18:24.460root 11241100x80000000000000004276483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39feb1991ba36b492022-01-04 14:18:24.460root 11241100x80000000000000004276484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fafb4b58020d9c2022-01-04 14:18:24.460root 11241100x80000000000000004276485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825412d5c2c4feb22022-01-04 14:18:24.460root 11241100x80000000000000004276486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f8e3db3150fbd72022-01-04 14:18:24.461root 11241100x80000000000000004276487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aaf7c8779acf002022-01-04 14:18:24.461root 11241100x80000000000000004276488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ae81b60e8ea2e02022-01-04 14:18:24.461root 11241100x80000000000000004276489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2808c020b553d482022-01-04 14:18:24.461root 11241100x80000000000000004276490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826d675f43689c262022-01-04 14:18:24.461root 11241100x80000000000000004276491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae1a6eb75f3d4662022-01-04 14:18:24.960root 11241100x80000000000000004276492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcba3d9f85a94062022-01-04 14:18:24.960root 11241100x80000000000000004276493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d4bc8fec048b882022-01-04 14:18:24.960root 11241100x80000000000000004276494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7646823ad691cd8b2022-01-04 14:18:24.960root 11241100x80000000000000004276495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24a958c856a4c002022-01-04 14:18:24.960root 11241100x80000000000000004276496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8c91e8abafff712022-01-04 14:18:24.960root 11241100x80000000000000004276497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f090567a559da2d2022-01-04 14:18:24.960root 11241100x80000000000000004276498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9f38f0cdda8e7e2022-01-04 14:18:24.960root 11241100x80000000000000004276499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6cd645e26f8b982022-01-04 14:18:24.960root 11241100x80000000000000004276500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c601219440b94e2022-01-04 14:18:24.960root 11241100x80000000000000004276501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a12e77511ac324e2022-01-04 14:18:24.960root 11241100x80000000000000004276502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4608ac1fb6341d2022-01-04 14:18:24.960root 11241100x80000000000000004276503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b585d0e3d89e2b2022-01-04 14:18:24.961root 11241100x80000000000000004276504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e58d8c29103c742022-01-04 14:18:24.961root 11241100x80000000000000004276505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bc1854cd4a18742022-01-04 14:18:24.961root 11241100x80000000000000004276506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c24c787d23aed2022-01-04 14:18:24.961root 11241100x80000000000000004276507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad6e5ab6eab3cc52022-01-04 14:18:24.961root 11241100x80000000000000004276508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfc57486bed79002022-01-04 14:18:24.961root 11241100x80000000000000004276509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13045892ff65a5d2022-01-04 14:18:24.961root 11241100x80000000000000004276510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5746e8e3f7dc3cbc2022-01-04 14:18:24.961root 354300x80000000000000004276511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.245{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41500-false10.0.1.12-8000- 11241100x80000000000000004276512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c14ecb54d3b1f92022-01-04 14:18:25.246root 11241100x80000000000000004276513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc3762036998ac32022-01-04 14:18:25.246root 11241100x80000000000000004276514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a539ab06c5aebf442022-01-04 14:18:25.246root 11241100x80000000000000004276515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f49f2007917a2e2022-01-04 14:18:25.246root 11241100x80000000000000004276516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.246{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78336333fbd533e2022-01-04 14:18:25.246root 11241100x80000000000000004276517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51e041a3d6f6cf62022-01-04 14:18:25.247root 11241100x80000000000000004276518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3dac3de34105f72022-01-04 14:18:25.247root 11241100x80000000000000004276519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0e97b2fc5ee9342022-01-04 14:18:25.247root 11241100x80000000000000004276520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2883168d054ce2302022-01-04 14:18:25.247root 11241100x80000000000000004276521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9470ad45e226052022-01-04 14:18:25.247root 11241100x80000000000000004276522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aa12e4471455a62022-01-04 14:18:25.247root 11241100x80000000000000004276523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4aeaa768e35ee02022-01-04 14:18:25.247root 11241100x80000000000000004276524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9151dba8da47bc32022-01-04 14:18:25.247root 11241100x80000000000000004276525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f03f884c2400c12022-01-04 14:18:25.247root 11241100x80000000000000004276526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d32089c61c4c5c2022-01-04 14:18:25.247root 11241100x80000000000000004276527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4815d74714843bbe2022-01-04 14:18:25.247root 11241100x80000000000000004276528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79ac4facc7bd6162022-01-04 14:18:25.247root 11241100x80000000000000004276529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.247{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8a2844226ceea82022-01-04 14:18:25.247root 11241100x80000000000000004276530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5006c6cc5ee07a22022-01-04 14:18:25.248root 11241100x80000000000000004276531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a822543c52afb34c2022-01-04 14:18:25.248root 11241100x80000000000000004276532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea987e4a67e2ce72022-01-04 14:18:25.248root 11241100x80000000000000004276533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a5a6afb94acbab2022-01-04 14:18:25.248root 11241100x80000000000000004276534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c398e3fea8e38bf42022-01-04 14:18:25.248root 11241100x80000000000000004276535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.248{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1bffe5e37d02e52022-01-04 14:18:25.248root 11241100x80000000000000004276536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051f7301b32869332022-01-04 14:18:25.711root 11241100x80000000000000004276537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cface889e3cb662022-01-04 14:18:25.711root 11241100x80000000000000004276538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff7042b7ebebd3f2022-01-04 14:18:25.711root 11241100x80000000000000004276539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc46559cd71beb02022-01-04 14:18:25.711root 11241100x80000000000000004276540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce21d8b1fabb1a402022-01-04 14:18:25.711root 11241100x80000000000000004276541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75dae974f92547f2022-01-04 14:18:25.711root 11241100x80000000000000004276542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2716cfb0f1e0532b2022-01-04 14:18:25.711root 11241100x80000000000000004276543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aecdc6eef79ac462022-01-04 14:18:25.711root 11241100x80000000000000004276544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ae1093830efb7e2022-01-04 14:18:25.711root 11241100x80000000000000004276545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8802c593ba09d92022-01-04 14:18:25.712root 11241100x80000000000000004276546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a85d982a159be1c2022-01-04 14:18:25.712root 11241100x80000000000000004276547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd587377eaa43c52022-01-04 14:18:25.712root 11241100x80000000000000004276548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8e7846ea0a59312022-01-04 14:18:25.712root 11241100x80000000000000004276549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e76ca7adcaac8912022-01-04 14:18:25.712root 11241100x80000000000000004276550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6338af29bd452b2022-01-04 14:18:25.712root 11241100x80000000000000004276551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c17778d990b92cb2022-01-04 14:18:25.712root 11241100x80000000000000004276552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9a8b414a935c942022-01-04 14:18:25.712root 11241100x80000000000000004276553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4066c8bee473dca2022-01-04 14:18:25.713root 11241100x80000000000000004276554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163fe2fc734f7dfc2022-01-04 14:18:25.713root 11241100x80000000000000004276555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a53b4fd662fd6562022-01-04 14:18:25.713root 11241100x80000000000000004276556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:25.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd3b4fe523a1e3a2022-01-04 14:18:25.713root 11241100x80000000000000004276557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009615a50da8a9a82022-01-04 14:18:26.210root 11241100x80000000000000004276558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd65996bb0f4ea002022-01-04 14:18:26.210root 11241100x80000000000000004276559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a719908b18da3042022-01-04 14:18:26.210root 11241100x80000000000000004276560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fbd0444980207f2022-01-04 14:18:26.210root 11241100x80000000000000004276561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411798067bd264eb2022-01-04 14:18:26.210root 11241100x80000000000000004276562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16af79dd18e25a42022-01-04 14:18:26.210root 11241100x80000000000000004276563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330d6004a60f3de32022-01-04 14:18:26.210root 11241100x80000000000000004276564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe7bea9b850a532022-01-04 14:18:26.210root 11241100x80000000000000004276565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172385a4488d2d1f2022-01-04 14:18:26.210root 11241100x80000000000000004276566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c552ae612279842022-01-04 14:18:26.210root 11241100x80000000000000004276567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467ae5fc318e5e0f2022-01-04 14:18:26.210root 11241100x80000000000000004276568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3011fb0857419482022-01-04 14:18:26.211root 11241100x80000000000000004276569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ea7e3267f887bd2022-01-04 14:18:26.211root 11241100x80000000000000004276570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c26c2508a726832022-01-04 14:18:26.211root 11241100x80000000000000004276571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a8c8c4e6e886902022-01-04 14:18:26.211root 11241100x80000000000000004276572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9115f42966d101122022-01-04 14:18:26.211root 11241100x80000000000000004276573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce3a407cfc288ea2022-01-04 14:18:26.211root 11241100x80000000000000004276574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04bf2ebb29ea2602022-01-04 14:18:26.211root 11241100x80000000000000004276575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad931edcf8566a92022-01-04 14:18:26.211root 11241100x80000000000000004276576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a742c6fbae5ce392022-01-04 14:18:26.211root 11241100x80000000000000004276577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e887a562b873f04a2022-01-04 14:18:26.211root 11241100x80000000000000004276578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446704b01b0b700a2022-01-04 14:18:26.710root 11241100x80000000000000004276579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a207f4aab5742092022-01-04 14:18:26.710root 11241100x80000000000000004276580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80609fc679c4c07c2022-01-04 14:18:26.710root 11241100x80000000000000004276581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671552b2cb5f07922022-01-04 14:18:26.710root 11241100x80000000000000004276582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6976e3034449c0bd2022-01-04 14:18:26.711root 11241100x80000000000000004276583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1189970c135efa42022-01-04 14:18:26.711root 11241100x80000000000000004276584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72293e56232c8722022-01-04 14:18:26.711root 11241100x80000000000000004276585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760a9bcffc7f1f802022-01-04 14:18:26.711root 11241100x80000000000000004276586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e911d24b71f5152022-01-04 14:18:26.711root 11241100x80000000000000004276587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912d87390911b46a2022-01-04 14:18:26.711root 11241100x80000000000000004276588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebc11ddbeef7f422022-01-04 14:18:26.711root 11241100x80000000000000004276589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7a1f8268ee30662022-01-04 14:18:26.712root 11241100x80000000000000004276590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc236f4e0b5d4102022-01-04 14:18:26.712root 11241100x80000000000000004276591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c334b1dd32cd967d2022-01-04 14:18:26.712root 11241100x80000000000000004276592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5e43325be32e432022-01-04 14:18:26.712root 11241100x80000000000000004276593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e9c9502e25503b2022-01-04 14:18:26.712root 11241100x80000000000000004276594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7fe8a247387ed72022-01-04 14:18:26.712root 11241100x80000000000000004276595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d63c50984f209872022-01-04 14:18:26.712root 11241100x80000000000000004276596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ceada708f73f3f92022-01-04 14:18:26.712root 11241100x80000000000000004276597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9a046e07dcd8442022-01-04 14:18:26.712root 11241100x80000000000000004276598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:26.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aa13b6900883502022-01-04 14:18:26.713root 354300x80000000000000004276599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.131{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41982-false10.0.1.12-8089- 11241100x80000000000000004276600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.132{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4323df87a78dc042022-01-04 14:18:27.132root 11241100x80000000000000004276601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.132{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74db0949018f12922022-01-04 14:18:27.132root 11241100x80000000000000004276602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4aeb037f1a08d5b2022-01-04 14:18:27.133root 11241100x80000000000000004276603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8996f48812b30ac12022-01-04 14:18:27.133root 11241100x80000000000000004276604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d78468f3749e9a2022-01-04 14:18:27.133root 11241100x80000000000000004276605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f011c350d7de05982022-01-04 14:18:27.133root 11241100x80000000000000004276606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e845fdb0f549162022-01-04 14:18:27.133root 11241100x80000000000000004276607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.133{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e78ced8ccf402572022-01-04 14:18:27.133root 11241100x80000000000000004276608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b5419144278d262022-01-04 14:18:27.134root 11241100x80000000000000004276609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6cbee2716497872022-01-04 14:18:27.134root 11241100x80000000000000004276610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32b7403785c800d2022-01-04 14:18:27.134root 11241100x80000000000000004276611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0609cd18f8686d432022-01-04 14:18:27.134root 11241100x80000000000000004276612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac4b76c641ee9922022-01-04 14:18:27.134root 11241100x80000000000000004276613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aa0d5c36b55fcf2022-01-04 14:18:27.134root 11241100x80000000000000004276614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb6e7eb1ecbd1e02022-01-04 14:18:27.135root 11241100x80000000000000004276615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3039bc24ee34d5f72022-01-04 14:18:27.135root 11241100x80000000000000004276616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cff93186625ac12022-01-04 14:18:27.135root 11241100x80000000000000004276617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e214b0b9bfb5f1992022-01-04 14:18:27.135root 11241100x80000000000000004276618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afb0c5c5da7669d2022-01-04 14:18:27.135root 11241100x80000000000000004276619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3943302ff2dc97572022-01-04 14:18:27.135root 11241100x80000000000000004276620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd86f41662f1da612022-01-04 14:18:27.135root 11241100x80000000000000004276621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b3fe5d292d2af12022-01-04 14:18:27.135root 11241100x80000000000000004276622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1accee1b8d90433f2022-01-04 14:18:27.460root 11241100x80000000000000004276623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3524cf89b2a7642022-01-04 14:18:27.460root 11241100x80000000000000004276624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd36626da8146192022-01-04 14:18:27.460root 11241100x80000000000000004276625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc60c288d81baca2022-01-04 14:18:27.460root 11241100x80000000000000004276626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bd5057a3ed94bf2022-01-04 14:18:27.460root 11241100x80000000000000004276627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ce8321f5e3cff32022-01-04 14:18:27.460root 11241100x80000000000000004276628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f966a292f0022d182022-01-04 14:18:27.460root 11241100x80000000000000004276629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dd99bb61b2c95e2022-01-04 14:18:27.460root 11241100x80000000000000004276630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f466f637fdcf9782022-01-04 14:18:27.460root 11241100x80000000000000004276631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374089ccc98037df2022-01-04 14:18:27.460root 11241100x80000000000000004276632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a151b5fe6a86e82022-01-04 14:18:27.460root 11241100x80000000000000004276633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a14cb04106364d2022-01-04 14:18:27.461root 11241100x80000000000000004276634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d66ac4fc56678fe2022-01-04 14:18:27.461root 11241100x80000000000000004276635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7c3a8aed40efcc2022-01-04 14:18:27.461root 11241100x80000000000000004276636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944fb44ba5a3f45a2022-01-04 14:18:27.461root 11241100x80000000000000004276637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff2ad7692084102022-01-04 14:18:27.461root 11241100x80000000000000004276638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1983df48b2486f0c2022-01-04 14:18:27.461root 11241100x80000000000000004276639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df75cf6d215298162022-01-04 14:18:27.461root 11241100x80000000000000004276640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f2ece5a942fc9d2022-01-04 14:18:27.461root 11241100x80000000000000004276641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74173d727fd92512022-01-04 14:18:27.461root 11241100x80000000000000004276642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a77b116540c46812022-01-04 14:18:27.461root 11241100x80000000000000004276643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a3d4fad9bc28ef2022-01-04 14:18:27.461root 11241100x80000000000000004276644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4904b39d163337212022-01-04 14:18:27.959root 11241100x80000000000000004276645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d7ead735c1e15a2022-01-04 14:18:27.959root 11241100x80000000000000004276646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e51fb7df9a56e6b2022-01-04 14:18:27.959root 11241100x80000000000000004276647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea10c80b4487ec782022-01-04 14:18:27.959root 11241100x80000000000000004276648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de514d18ff163fc2022-01-04 14:18:27.959root 11241100x80000000000000004276649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e878bc5c4926a632022-01-04 14:18:27.960root 11241100x80000000000000004276650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edde7501e2f4b0612022-01-04 14:18:27.960root 11241100x80000000000000004276651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b27c17c79bf87962022-01-04 14:18:27.960root 11241100x80000000000000004276652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60f198186095f1b2022-01-04 14:18:27.960root 11241100x80000000000000004276653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f0ab51913fcd9e2022-01-04 14:18:27.960root 11241100x80000000000000004276654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88661c1c529eb2f2022-01-04 14:18:27.960root 11241100x80000000000000004276655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad16658a4900c3e52022-01-04 14:18:27.960root 11241100x80000000000000004276656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7e433fbee3a9682022-01-04 14:18:27.960root 11241100x80000000000000004276657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07bb004fcf12a1f2022-01-04 14:18:27.960root 11241100x80000000000000004276658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b89a26050979b1a2022-01-04 14:18:27.960root 11241100x80000000000000004276659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44243e613b612aef2022-01-04 14:18:27.960root 11241100x80000000000000004276660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7329c537dccd37dc2022-01-04 14:18:27.961root 11241100x80000000000000004276661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9bd1dfffa9e8972022-01-04 14:18:27.961root 11241100x80000000000000004276662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a94c092460a3182022-01-04 14:18:27.961root 11241100x80000000000000004276663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8db1c6d0347aad2022-01-04 14:18:27.961root 11241100x80000000000000004276664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc9b349a13be61c2022-01-04 14:18:27.961root 11241100x80000000000000004276665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5c2ab50c64fa412022-01-04 14:18:27.961root 11241100x80000000000000004276666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595311dceef54e142022-01-04 14:18:28.459root 11241100x80000000000000004276667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e3bbf49b8240ce2022-01-04 14:18:28.459root 11241100x80000000000000004276668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6082bcdbc6faf02022-01-04 14:18:28.459root 11241100x80000000000000004276669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f71841e521042292022-01-04 14:18:28.460root 11241100x80000000000000004276670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddacf853fb7860b2022-01-04 14:18:28.460root 11241100x80000000000000004276671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a979382f8a83df352022-01-04 14:18:28.460root 11241100x80000000000000004276672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7b9b2a49e78252022-01-04 14:18:28.460root 11241100x80000000000000004276673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fbd2321c13d9fb2022-01-04 14:18:28.460root 11241100x80000000000000004276674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f6b38b09e4ef642022-01-04 14:18:28.460root 11241100x80000000000000004276675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b6fc2d4a9c6b5b2022-01-04 14:18:28.460root 11241100x80000000000000004276676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56502960604b328e2022-01-04 14:18:28.460root 11241100x80000000000000004276677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468f17d48791f1b42022-01-04 14:18:28.460root 11241100x80000000000000004276678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f313e1790680f95f2022-01-04 14:18:28.460root 11241100x80000000000000004276679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf9f3204167e9dc2022-01-04 14:18:28.460root 11241100x80000000000000004276680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4284263828c629742022-01-04 14:18:28.461root 11241100x80000000000000004276681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c51863aae1eb132022-01-04 14:18:28.461root 11241100x80000000000000004276682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1501aae007ccda92022-01-04 14:18:28.461root 11241100x80000000000000004276683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607515a4d2d245b22022-01-04 14:18:28.461root 11241100x80000000000000004276684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96ac2f5fec211c02022-01-04 14:18:28.461root 11241100x80000000000000004276685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03bc5bbf5ad928c2022-01-04 14:18:28.461root 11241100x80000000000000004276686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af061d0c894003272022-01-04 14:18:28.461root 11241100x80000000000000004276687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea6c44dcaac367b2022-01-04 14:18:28.461root 11241100x80000000000000004276688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db59b0cadcbdccf2022-01-04 14:18:28.959root 11241100x80000000000000004276689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377fe45c70517bc32022-01-04 14:18:28.960root 11241100x80000000000000004276690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145b5a19a511547a2022-01-04 14:18:28.960root 11241100x80000000000000004276691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26aa0ab737a4c62b2022-01-04 14:18:28.960root 11241100x80000000000000004276692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b170e93da47dda8a2022-01-04 14:18:28.960root 11241100x80000000000000004276693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40091947bbad1bcb2022-01-04 14:18:28.960root 11241100x80000000000000004276694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8298240f623cf5302022-01-04 14:18:28.960root 11241100x80000000000000004276695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb64e69a7a2e2e562022-01-04 14:18:28.960root 11241100x80000000000000004276696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f8c4339ec9ac782022-01-04 14:18:28.960root 11241100x80000000000000004276697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d32cee415072fb2022-01-04 14:18:28.960root 11241100x80000000000000004276698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d4a953bd3121c92022-01-04 14:18:28.960root 11241100x80000000000000004276699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bacfd93a4555562022-01-04 14:18:28.960root 11241100x80000000000000004276700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acde4feeea75115c2022-01-04 14:18:28.960root 11241100x80000000000000004276701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1b43c0a911bc722022-01-04 14:18:28.960root 11241100x80000000000000004276702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a0fc9fc8c907a22022-01-04 14:18:28.960root 11241100x80000000000000004276703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c50112264d6ef52022-01-04 14:18:28.961root 11241100x80000000000000004276704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abda4a22b1be0d22022-01-04 14:18:28.961root 11241100x80000000000000004276705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b272763fb3761b132022-01-04 14:18:28.961root 11241100x80000000000000004276706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9835c67ccef2d8582022-01-04 14:18:28.961root 11241100x80000000000000004276707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39961d3f608fc0c82022-01-04 14:18:28.961root 11241100x80000000000000004276708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9114514aab8a6bb32022-01-04 14:18:28.961root 11241100x80000000000000004276709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0952c21f96226962022-01-04 14:18:28.961root 11241100x80000000000000004276710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c23d7ee30c5d6f2022-01-04 14:18:29.460root 11241100x80000000000000004276711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78cae95e731914f2022-01-04 14:18:29.460root 11241100x80000000000000004276712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4d3516906805352022-01-04 14:18:29.460root 11241100x80000000000000004276713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7be1c0f6d7db1c2022-01-04 14:18:29.460root 11241100x80000000000000004276714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22e51f47ef42df42022-01-04 14:18:29.460root 11241100x80000000000000004276715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc7e2c2a3ba56282022-01-04 14:18:29.460root 11241100x80000000000000004276716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dd364a9157fede2022-01-04 14:18:29.460root 11241100x80000000000000004276717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e266933274ec1632022-01-04 14:18:29.460root 11241100x80000000000000004276718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d7bea74644b2b42022-01-04 14:18:29.460root 11241100x80000000000000004276719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f255d8765167482022-01-04 14:18:29.461root 11241100x80000000000000004276720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ef54a1baf2bff52022-01-04 14:18:29.462root 11241100x80000000000000004276721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189473e1b7d5cc262022-01-04 14:18:29.462root 11241100x80000000000000004276722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3b9cff400d339f2022-01-04 14:18:29.462root 11241100x80000000000000004276723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c01e7df78818732022-01-04 14:18:29.462root 11241100x80000000000000004276724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a831083d5db525aa2022-01-04 14:18:29.462root 11241100x80000000000000004276725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c45d305c51633372022-01-04 14:18:29.462root 11241100x80000000000000004276726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75ba99ff9ed5b782022-01-04 14:18:29.463root 11241100x80000000000000004276727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20020fa661c95a9e2022-01-04 14:18:29.463root 11241100x80000000000000004276728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0def9fc834aef91a2022-01-04 14:18:29.463root 11241100x80000000000000004276729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3a7ba4b2ce29122022-01-04 14:18:29.463root 11241100x80000000000000004276730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7ea0e5469400872022-01-04 14:18:29.463root 11241100x80000000000000004276731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24814593b7294d3c2022-01-04 14:18:29.463root 11241100x80000000000000004276732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165b0c2486812f922022-01-04 14:18:29.959root 11241100x80000000000000004276733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b89094d264872fa2022-01-04 14:18:29.959root 11241100x80000000000000004276734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88968bf7dde0054c2022-01-04 14:18:29.960root 11241100x80000000000000004276735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44968b79c02d2ff2022-01-04 14:18:29.960root 11241100x80000000000000004276736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e63f54551f8dad22022-01-04 14:18:29.960root 11241100x80000000000000004276737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0bc6e94944b0752022-01-04 14:18:29.960root 11241100x80000000000000004276738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139152c0f8a19d8a2022-01-04 14:18:29.961root 11241100x80000000000000004276739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f083b9df3bf0ab42022-01-04 14:18:29.961root 11241100x80000000000000004276740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879ce8f0d30bf1e02022-01-04 14:18:29.961root 11241100x80000000000000004276741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0514dbe7005a9002022-01-04 14:18:29.961root 11241100x80000000000000004276742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69da339fff3b3a62022-01-04 14:18:29.962root 11241100x80000000000000004276743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7c4293d7eece672022-01-04 14:18:29.962root 11241100x80000000000000004276744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfd35899e1ce8732022-01-04 14:18:29.962root 11241100x80000000000000004276745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafb3ee09206c5ac2022-01-04 14:18:29.962root 11241100x80000000000000004276746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eae64db43b3f27a2022-01-04 14:18:29.962root 11241100x80000000000000004276747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebd5305bd8843e62022-01-04 14:18:29.962root 11241100x80000000000000004276748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be8ef750266ce262022-01-04 14:18:29.962root 11241100x80000000000000004276749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b8f11df8c534102022-01-04 14:18:29.963root 11241100x80000000000000004276750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959a0907ef78f1ba2022-01-04 14:18:29.963root 11241100x80000000000000004276751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a4af5c9ae1d8ae2022-01-04 14:18:29.963root 11241100x80000000000000004276752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcda9362b9069ad2022-01-04 14:18:29.963root 11241100x80000000000000004276753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:29.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e90ce7625a3abe2022-01-04 14:18:29.963root 11241100x80000000000000004276754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f58cd3682e04e952022-01-04 14:18:30.459root 11241100x80000000000000004276755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abad0b60c5702d92022-01-04 14:18:30.459root 11241100x80000000000000004276756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adfd75fc27c21042022-01-04 14:18:30.460root 11241100x80000000000000004276757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e644f2502314dd552022-01-04 14:18:30.460root 11241100x80000000000000004276758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8e9d38fe02daeb2022-01-04 14:18:30.460root 11241100x80000000000000004276759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b9a371cc09e6fa2022-01-04 14:18:30.460root 11241100x80000000000000004276760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6487146728a455c2022-01-04 14:18:30.460root 11241100x80000000000000004276761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccbe8bb739018032022-01-04 14:18:30.461root 11241100x80000000000000004276762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01068d5eb5a86802022-01-04 14:18:30.461root 11241100x80000000000000004276763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf4154874225bf12022-01-04 14:18:30.461root 11241100x80000000000000004276764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94623363e712d7b12022-01-04 14:18:30.461root 11241100x80000000000000004276765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80087150e224168e2022-01-04 14:18:30.461root 11241100x80000000000000004276766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6744b9c6ca57a7162022-01-04 14:18:30.462root 11241100x80000000000000004276767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0967aa457f505372022-01-04 14:18:30.462root 11241100x80000000000000004276768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c51fee8cc676e2a2022-01-04 14:18:30.462root 11241100x80000000000000004276769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5022099feb93f3992022-01-04 14:18:30.462root 11241100x80000000000000004276770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c59b9473b497872022-01-04 14:18:30.462root 11241100x80000000000000004276771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c446a900455531802022-01-04 14:18:30.463root 11241100x80000000000000004276772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdfb7628aaf35472022-01-04 14:18:30.463root 11241100x80000000000000004276773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798988d6f3ce8b8c2022-01-04 14:18:30.463root 11241100x80000000000000004276774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38c00591c1521e2022-01-04 14:18:30.463root 11241100x80000000000000004276775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356d6f642a3c4a942022-01-04 14:18:30.463root 11241100x80000000000000004276776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfbba48b6bf41f2022-01-04 14:18:30.464root 11241100x80000000000000004276777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2f24d8ab88a14a2022-01-04 14:18:30.959root 11241100x80000000000000004276778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8258cfd0a9f0192022-01-04 14:18:30.960root 11241100x80000000000000004276779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dee77f7e6d8c852022-01-04 14:18:30.960root 11241100x80000000000000004276780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4551c1db3538adf72022-01-04 14:18:30.960root 11241100x80000000000000004276781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d67219b19a41982022-01-04 14:18:30.960root 11241100x80000000000000004276782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962ff3d4188c500b2022-01-04 14:18:30.961root 11241100x80000000000000004276783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b52ff51a3a4fb172022-01-04 14:18:30.961root 11241100x80000000000000004276784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a7b52e992124762022-01-04 14:18:30.961root 11241100x80000000000000004276785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c4a8be457274442022-01-04 14:18:30.961root 11241100x80000000000000004276786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c71c37065dcc242022-01-04 14:18:30.961root 11241100x80000000000000004276787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d3ed5a7f888a672022-01-04 14:18:30.961root 11241100x80000000000000004276788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd8e3e08f0138772022-01-04 14:18:30.961root 11241100x80000000000000004276789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd49d100f10ea0b02022-01-04 14:18:30.961root 11241100x80000000000000004276790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3360907a5676d72022-01-04 14:18:30.961root 11241100x80000000000000004276791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729275791c0b51a22022-01-04 14:18:30.961root 11241100x80000000000000004276792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6ed6597ecdfa242022-01-04 14:18:30.962root 11241100x80000000000000004276793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892cdf6d5a72bbd62022-01-04 14:18:30.962root 11241100x80000000000000004276794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c38b8087f19ff32022-01-04 14:18:30.962root 11241100x80000000000000004276795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbff93d08c8d5e72022-01-04 14:18:30.962root 11241100x80000000000000004276796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376217303f623f492022-01-04 14:18:30.962root 11241100x80000000000000004276797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2b681160616e6f2022-01-04 14:18:30.962root 11241100x80000000000000004276798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:30.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8077b8778831482022-01-04 14:18:30.962root 354300x80000000000000004276799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.055{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41504-false10.0.1.12-8000- 11241100x80000000000000004276800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:18:31.221root 11241100x80000000000000004276801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af477be075fab432022-01-04 14:18:31.222root 11241100x80000000000000004276802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5199d510991969a2022-01-04 14:18:31.222root 11241100x80000000000000004276803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8decc55bee7f632022-01-04 14:18:31.222root 11241100x80000000000000004276804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f86e585d7f5e1a2022-01-04 14:18:31.222root 11241100x80000000000000004276805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba15e25a11224342022-01-04 14:18:31.223root 11241100x80000000000000004276806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d7a128220f304d2022-01-04 14:18:31.223root 11241100x80000000000000004276807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73be957845af36a12022-01-04 14:18:31.223root 11241100x80000000000000004276808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26dce738277374a2022-01-04 14:18:31.223root 11241100x80000000000000004276809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec8ee2e153000ca2022-01-04 14:18:31.223root 11241100x80000000000000004276810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465061559bca3a7f2022-01-04 14:18:31.224root 11241100x80000000000000004276811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744888988f9634e92022-01-04 14:18:31.224root 11241100x80000000000000004276812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7aef0d9363b77942022-01-04 14:18:31.224root 11241100x80000000000000004276813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df26dc7bf57b7dd2022-01-04 14:18:31.225root 11241100x80000000000000004276814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce87cc3461ab2bf2022-01-04 14:18:31.226root 11241100x80000000000000004276815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd486ed4c46a5cb02022-01-04 14:18:31.226root 11241100x80000000000000004276816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e49cad11f6892b2022-01-04 14:18:31.227root 11241100x80000000000000004276817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c416df0c1737e9d72022-01-04 14:18:31.227root 11241100x80000000000000004276818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc5801d70c617342022-01-04 14:18:31.228root 11241100x80000000000000004276819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803597640e2d6c0e2022-01-04 14:18:31.228root 11241100x80000000000000004276820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad48f52fe65fe1e32022-01-04 14:18:31.229root 11241100x80000000000000004276821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4c495add16e1762022-01-04 14:18:31.229root 11241100x80000000000000004276822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa78f3ddfd256d42022-01-04 14:18:31.229root 11241100x80000000000000004276823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.229{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c7153562166c062022-01-04 14:18:31.229root 11241100x80000000000000004276824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce62d4944b8a9572022-01-04 14:18:31.230root 11241100x80000000000000004276825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b97f7ef477941f2022-01-04 14:18:31.709root 11241100x80000000000000004276826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1615d93fa33f59612022-01-04 14:18:31.709root 11241100x80000000000000004276827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db83bf925531100d2022-01-04 14:18:31.710root 11241100x80000000000000004276828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e9f751c9cfc63b2022-01-04 14:18:31.710root 11241100x80000000000000004276829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10aca488cc4c74d72022-01-04 14:18:31.710root 11241100x80000000000000004276830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeb05c1651f81622022-01-04 14:18:31.710root 11241100x80000000000000004276831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c31de961e3161352022-01-04 14:18:31.710root 11241100x80000000000000004276832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92219c3e2e64be02022-01-04 14:18:31.710root 11241100x80000000000000004276833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aa85742401f1062022-01-04 14:18:31.710root 11241100x80000000000000004276834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd5d8e3c9bca9432022-01-04 14:18:31.710root 11241100x80000000000000004276835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d873a0a42e4977c42022-01-04 14:18:31.710root 11241100x80000000000000004276836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db5903d910e3eb42022-01-04 14:18:31.710root 11241100x80000000000000004276837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e58fe3e88c2a5de2022-01-04 14:18:31.711root 11241100x80000000000000004276838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3c5db507de59172022-01-04 14:18:31.711root 11241100x80000000000000004276839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d996c3d17633cece2022-01-04 14:18:31.711root 11241100x80000000000000004276840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fd95a99763cee02022-01-04 14:18:31.711root 11241100x80000000000000004276841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fb1ced0794e32e2022-01-04 14:18:31.711root 11241100x80000000000000004276842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ef48d216e7c0802022-01-04 14:18:31.711root 11241100x80000000000000004276843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fea5cba257b4852022-01-04 14:18:31.711root 11241100x80000000000000004276844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a311176344d68f2022-01-04 14:18:31.711root 11241100x80000000000000004276845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580fe3d799f6d2182022-01-04 14:18:31.711root 11241100x80000000000000004276846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd1578beb481c0e2022-01-04 14:18:31.711root 11241100x80000000000000004276847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104322db6b54625f2022-01-04 14:18:31.711root 11241100x80000000000000004276848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ccd00c1024aa032022-01-04 14:18:31.712root 11241100x80000000000000004276849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaab79da66f63742022-01-04 14:18:32.209root 11241100x80000000000000004276850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f339c158898cb4292022-01-04 14:18:32.209root 11241100x80000000000000004276851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa8e789f214cf7a2022-01-04 14:18:32.210root 11241100x80000000000000004276852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b823ddeb823e9332022-01-04 14:18:32.210root 11241100x80000000000000004276853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e560d0227cbcb5a2022-01-04 14:18:32.210root 11241100x80000000000000004276854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f809befef8db962022-01-04 14:18:32.210root 11241100x80000000000000004276855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d222e4ced867ddd2022-01-04 14:18:32.210root 11241100x80000000000000004276856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961c977706bbf13c2022-01-04 14:18:32.210root 11241100x80000000000000004276857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a792e0746ad904b62022-01-04 14:18:32.210root 11241100x80000000000000004276858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552e8a0768e62a072022-01-04 14:18:32.210root 11241100x80000000000000004276859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087350678e31844e2022-01-04 14:18:32.210root 11241100x80000000000000004276860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57387773352b8102022-01-04 14:18:32.210root 11241100x80000000000000004276861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff76c4411fb8a6f32022-01-04 14:18:32.211root 11241100x80000000000000004276862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dcac3ca57f3d542022-01-04 14:18:32.211root 11241100x80000000000000004276863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695c44cdb389f6562022-01-04 14:18:32.211root 11241100x80000000000000004276864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c733e3008e08e52022-01-04 14:18:32.211root 11241100x80000000000000004276865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2286e6695b7ae1622022-01-04 14:18:32.211root 11241100x80000000000000004276866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565ae245be2efc572022-01-04 14:18:32.211root 11241100x80000000000000004276867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d14c7251ef530d2022-01-04 14:18:32.211root 11241100x80000000000000004276868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a24301119a1b4642022-01-04 14:18:32.211root 11241100x80000000000000004276869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2790fa206e613a8c2022-01-04 14:18:32.211root 11241100x80000000000000004276870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef464e148e253a732022-01-04 14:18:32.212root 11241100x80000000000000004276871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08835a9eb03764c52022-01-04 14:18:32.212root 11241100x80000000000000004276872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4281948f8e733412022-01-04 14:18:32.212root 11241100x80000000000000004276873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e390f81743e40c2022-01-04 14:18:32.709root 11241100x80000000000000004276874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e02d533622c0e6d2022-01-04 14:18:32.709root 11241100x80000000000000004276875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abad43e8d21fa6992022-01-04 14:18:32.710root 11241100x80000000000000004276876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11412b70bcd4506e2022-01-04 14:18:32.710root 11241100x80000000000000004276877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e388804f3d436722022-01-04 14:18:32.710root 11241100x80000000000000004276878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647d011683f590502022-01-04 14:18:32.710root 11241100x80000000000000004276879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca939cb65f4fcfe92022-01-04 14:18:32.710root 11241100x80000000000000004276880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24349c8d25bde012022-01-04 14:18:32.710root 11241100x80000000000000004276881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac994df9486e36722022-01-04 14:18:32.710root 11241100x80000000000000004276882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de53349c36002d762022-01-04 14:18:32.710root 11241100x80000000000000004276883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e269d7e6018f192022-01-04 14:18:32.710root 11241100x80000000000000004276884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019117025dd8a22b2022-01-04 14:18:32.710root 11241100x80000000000000004276885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86baf5de2036b16e2022-01-04 14:18:32.711root 11241100x80000000000000004276886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eaf5e99426f0562022-01-04 14:18:32.711root 11241100x80000000000000004276887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11736889713534142022-01-04 14:18:32.711root 11241100x80000000000000004276888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e28e7a6652d22f2022-01-04 14:18:32.711root 11241100x80000000000000004276889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532d71cf6f7400bb2022-01-04 14:18:32.711root 11241100x80000000000000004276890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beafdb92a17dce82022-01-04 14:18:32.711root 11241100x80000000000000004276891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89837cc3417414072022-01-04 14:18:32.711root 11241100x80000000000000004276892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126697d63dddd4882022-01-04 14:18:32.711root 11241100x80000000000000004276893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184a8a4cf126fcde2022-01-04 14:18:32.711root 11241100x80000000000000004276894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a7a09364aa29112022-01-04 14:18:32.712root 11241100x80000000000000004276895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7ccb578fe99a262022-01-04 14:18:32.712root 11241100x80000000000000004276896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ac2907d295a2632022-01-04 14:18:32.712root 11241100x80000000000000004276897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8a617353fb0eb12022-01-04 14:18:33.209root 11241100x80000000000000004276898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ff2e8e279cc8b72022-01-04 14:18:33.210root 11241100x80000000000000004276899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606cff0db4a1436b2022-01-04 14:18:33.210root 11241100x80000000000000004276900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9105ee8908ea442022-01-04 14:18:33.210root 11241100x80000000000000004276901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4748cf55fa83868a2022-01-04 14:18:33.210root 11241100x80000000000000004276902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf4532f15c281302022-01-04 14:18:33.211root 11241100x80000000000000004276903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d0a40a552225bd2022-01-04 14:18:33.211root 11241100x80000000000000004276904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff899b21a1a6ea82022-01-04 14:18:33.211root 11241100x80000000000000004276905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d591a5918e793612022-01-04 14:18:33.211root 11241100x80000000000000004276906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80cfe694446f1762022-01-04 14:18:33.211root 11241100x80000000000000004276907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eaf2a45c1ec3762022-01-04 14:18:33.212root 11241100x80000000000000004276908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c308ffb8332822022-01-04 14:18:33.212root 11241100x80000000000000004276909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03df8c62c41a9c92022-01-04 14:18:33.213root 11241100x80000000000000004276910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f2ed4506f557f02022-01-04 14:18:33.214root 11241100x80000000000000004276911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b14930be42dc1a2022-01-04 14:18:33.214root 11241100x80000000000000004276912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db9b264edc14afd2022-01-04 14:18:33.214root 11241100x80000000000000004276913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3900005236c19e302022-01-04 14:18:33.215root 11241100x80000000000000004276914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb56b2714e5caf2022-01-04 14:18:33.215root 11241100x80000000000000004276915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c27aaa005da8b92022-01-04 14:18:33.216root 11241100x80000000000000004276916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cd00db988461ff2022-01-04 14:18:33.216root 11241100x80000000000000004276917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27457343ef99ce412022-01-04 14:18:33.216root 11241100x80000000000000004276918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c208a42b19b3ecae2022-01-04 14:18:33.217root 11241100x80000000000000004276919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69f49ca3eaa3fdd2022-01-04 14:18:33.218root 11241100x80000000000000004276920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1873b23097f8028c2022-01-04 14:18:33.218root 11241100x80000000000000004276921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950f430d0275dc832022-01-04 14:18:33.220root 11241100x80000000000000004276922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124507e8d934446c2022-01-04 14:18:33.710root 11241100x80000000000000004276923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5530deb715e3437c2022-01-04 14:18:33.710root 11241100x80000000000000004276924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdaa2156ec0a1182022-01-04 14:18:33.710root 11241100x80000000000000004276925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7392436d73105aeb2022-01-04 14:18:33.711root 11241100x80000000000000004276926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3a78917ffae1582022-01-04 14:18:33.711root 11241100x80000000000000004276927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cb07fb860feca12022-01-04 14:18:33.711root 11241100x80000000000000004276928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80352d7fae5a05432022-01-04 14:18:33.711root 11241100x80000000000000004276929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68505a4d4f2760e52022-01-04 14:18:33.711root 11241100x80000000000000004276930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ca4a32fb6e42ef2022-01-04 14:18:33.711root 11241100x80000000000000004276931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475e09015d8466892022-01-04 14:18:33.711root 11241100x80000000000000004276932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514476389c5cadee2022-01-04 14:18:33.712root 11241100x80000000000000004276933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fd4b431804f5392022-01-04 14:18:33.712root 11241100x80000000000000004276934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6118343bfc092f32022-01-04 14:18:33.712root 11241100x80000000000000004276935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0727877e4421132022-01-04 14:18:33.712root 11241100x80000000000000004276936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cb49be6e3d3d0d2022-01-04 14:18:33.712root 11241100x80000000000000004276937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d67054a158c492b2022-01-04 14:18:33.712root 11241100x80000000000000004276938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a41a0774f3e7912022-01-04 14:18:33.712root 11241100x80000000000000004276939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34b0099c6a0e0ec2022-01-04 14:18:33.712root 11241100x80000000000000004276940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13495b075faa67dc2022-01-04 14:18:33.712root 11241100x80000000000000004276941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9389112bc1cc70f92022-01-04 14:18:33.713root 11241100x80000000000000004276942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c76809dc055eaa2022-01-04 14:18:33.713root 11241100x80000000000000004276943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14e94889a6d13af2022-01-04 14:18:33.713root 11241100x80000000000000004276944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6ffcb676610b202022-01-04 14:18:33.713root 11241100x80000000000000004276945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792a0bc7561504b2022-01-04 14:18:33.713root 23542300x80000000000000004276946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.133{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004276947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6312b27639a4c402022-01-04 14:18:34.134root 11241100x80000000000000004276948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78cb69f70ff26542022-01-04 14:18:34.134root 11241100x80000000000000004276949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07594cbc85b2d1e92022-01-04 14:18:34.134root 11241100x80000000000000004276950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfc704ae6ca147f2022-01-04 14:18:34.134root 11241100x80000000000000004276951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0fc62a9d01e3ec2022-01-04 14:18:34.134root 11241100x80000000000000004276952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd584ca382b438492022-01-04 14:18:34.134root 11241100x80000000000000004276953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452a2330b65e592b2022-01-04 14:18:34.134root 11241100x80000000000000004276954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.134{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ae8056c4ec3b9a2022-01-04 14:18:34.134root 11241100x80000000000000004276955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3909708dcd1088ef2022-01-04 14:18:34.135root 11241100x80000000000000004276956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2c41171a8a45b52022-01-04 14:18:34.135root 11241100x80000000000000004276957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7829349d7856fd82022-01-04 14:18:34.135root 11241100x80000000000000004276958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2c60bbaf29e16a2022-01-04 14:18:34.135root 11241100x80000000000000004276959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5ecaefff3157a92022-01-04 14:18:34.135root 11241100x80000000000000004276960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434af0dfe498644c2022-01-04 14:18:34.135root 11241100x80000000000000004276961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.135{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf9d15e8f54cd992022-01-04 14:18:34.135root 11241100x80000000000000004276962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33ed624c59870a92022-01-04 14:18:34.136root 11241100x80000000000000004276963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d315ffde535e522e2022-01-04 14:18:34.136root 11241100x80000000000000004276964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66508e39f8394482022-01-04 14:18:34.136root 11241100x80000000000000004276965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3c65ecd5a32cff2022-01-04 14:18:34.136root 11241100x80000000000000004276966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9c16000083fcba2022-01-04 14:18:34.136root 11241100x80000000000000004276967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfec66cabba57d22022-01-04 14:18:34.136root 11241100x80000000000000004276968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa0ee1903efd4832022-01-04 14:18:34.136root 11241100x80000000000000004276969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.136{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9a54a5d89598e02022-01-04 14:18:34.136root 11241100x80000000000000004276970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.137{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99457b6bc26571572022-01-04 14:18:34.137root 11241100x80000000000000004276971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.137{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b183c6c43943c2a72022-01-04 14:18:34.137root 11241100x80000000000000004276972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.137{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2d369b114e84732022-01-04 14:18:34.137root 11241100x80000000000000004276973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89885c5b0bb7a07b2022-01-04 14:18:34.460root 11241100x80000000000000004276974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f628c893fe289f632022-01-04 14:18:34.460root 11241100x80000000000000004276975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83f042ee52fc9322022-01-04 14:18:34.460root 11241100x80000000000000004276976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dd5429a7cb4e032022-01-04 14:18:34.460root 11241100x80000000000000004276977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db522a16febf7d1b2022-01-04 14:18:34.460root 11241100x80000000000000004276978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db7a2d045d1d7432022-01-04 14:18:34.461root 11241100x80000000000000004276979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8427fa701b28e912022-01-04 14:18:34.461root 11241100x80000000000000004276980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da72f7b7ba0df4402022-01-04 14:18:34.461root 11241100x80000000000000004276981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24df95f01cdf57872022-01-04 14:18:34.461root 11241100x80000000000000004276982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451ca761a62ea2442022-01-04 14:18:34.461root 11241100x80000000000000004276983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8868e4d472f789432022-01-04 14:18:34.461root 11241100x80000000000000004276984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c1f8a2c6285ed32022-01-04 14:18:34.461root 11241100x80000000000000004276985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ec8828bf4d65e2022-01-04 14:18:34.462root 11241100x80000000000000004276986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d3227ae373e35b2022-01-04 14:18:34.462root 11241100x80000000000000004276987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e00f63c3e8da2e62022-01-04 14:18:34.462root 11241100x80000000000000004276988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2059b0d545d86802022-01-04 14:18:34.462root 11241100x80000000000000004276989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3886dfdb35c5c42022-01-04 14:18:34.462root 11241100x80000000000000004276990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990a84f1614deaee2022-01-04 14:18:34.462root 11241100x80000000000000004276991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6777a89beeba342022-01-04 14:18:34.462root 11241100x80000000000000004276992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978d040baca559f02022-01-04 14:18:34.462root 11241100x80000000000000004276993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b562b450cd274202022-01-04 14:18:34.462root 11241100x80000000000000004276994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7275bc33207ca512022-01-04 14:18:34.463root 11241100x80000000000000004276995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e6e2a29def61d72022-01-04 14:18:34.463root 11241100x80000000000000004276996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7775dc59ae5d60f72022-01-04 14:18:34.463root 11241100x80000000000000004276997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c92d55214f8252022-01-04 14:18:34.463root 11241100x80000000000000004276998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f8304441a8cd102022-01-04 14:18:34.959root 11241100x80000000000000004276999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead627c7ba7d6b112022-01-04 14:18:34.959root 11241100x80000000000000004277000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0af7a629ad713a32022-01-04 14:18:34.960root 11241100x80000000000000004277001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c11fa074044c83e2022-01-04 14:18:34.960root 11241100x80000000000000004277002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d05d5c7114fe802022-01-04 14:18:34.960root 11241100x80000000000000004277003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e53aa33e1cddc22022-01-04 14:18:34.960root 11241100x80000000000000004277004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3563854e5adf65f62022-01-04 14:18:34.960root 11241100x80000000000000004277005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b638b9b6f23c06332022-01-04 14:18:34.960root 11241100x80000000000000004277006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61af2e1f18c32cc2022-01-04 14:18:34.960root 11241100x80000000000000004277007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d5916b34a1b8372022-01-04 14:18:34.960root 11241100x80000000000000004277008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3469ce341d2089bd2022-01-04 14:18:34.960root 11241100x80000000000000004277009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aa16358430c3f82022-01-04 14:18:34.960root 11241100x80000000000000004277010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba94883820f8db2e2022-01-04 14:18:34.961root 11241100x80000000000000004277011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f812eb048d19674b2022-01-04 14:18:34.961root 11241100x80000000000000004277012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1905cc4f2f8a01b82022-01-04 14:18:34.961root 11241100x80000000000000004277013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fff39c746f889932022-01-04 14:18:34.961root 11241100x80000000000000004277014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1952d382bffd2512022-01-04 14:18:34.961root 11241100x80000000000000004277015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2628beb40fefbdce2022-01-04 14:18:34.961root 11241100x80000000000000004277016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75ae0cc3150c4642022-01-04 14:18:34.961root 11241100x80000000000000004277017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c875cae42849ddf32022-01-04 14:18:34.962root 11241100x80000000000000004277018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54d0fd6bf24ad7a2022-01-04 14:18:34.962root 11241100x80000000000000004277019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18ff5404059d20d2022-01-04 14:18:34.962root 11241100x80000000000000004277020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aa0242b8f19ce32022-01-04 14:18:34.962root 11241100x80000000000000004277021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8d0bb7e196b83c2022-01-04 14:18:34.962root 11241100x80000000000000004277022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ed9bc00be4c28b2022-01-04 14:18:34.962root 11241100x80000000000000004277023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8039ac3db61d802022-01-04 14:18:35.459root 11241100x80000000000000004277024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7401cdca7760ad7b2022-01-04 14:18:35.459root 11241100x80000000000000004277025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48052034a53268c2022-01-04 14:18:35.459root 11241100x80000000000000004277026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cbffcece92c2192022-01-04 14:18:35.460root 11241100x80000000000000004277027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d838ce9df466ad0a2022-01-04 14:18:35.460root 11241100x80000000000000004277028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5cedb894a3ad442022-01-04 14:18:35.460root 11241100x80000000000000004277029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425596b5d1d8f2112022-01-04 14:18:35.460root 11241100x80000000000000004277030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89df32aa497caa952022-01-04 14:18:35.460root 11241100x80000000000000004277031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172c93af9c28b9022022-01-04 14:18:35.460root 11241100x80000000000000004277032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccb3f9f2e2304d82022-01-04 14:18:35.460root 11241100x80000000000000004277033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c4393b2caada742022-01-04 14:18:35.461root 11241100x80000000000000004277034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b6e4262f06c1c32022-01-04 14:18:35.461root 11241100x80000000000000004277035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd1b1b6175420f2022-01-04 14:18:35.461root 11241100x80000000000000004277036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c5c0a797078d6a2022-01-04 14:18:35.461root 11241100x80000000000000004277037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af9516ab608afec2022-01-04 14:18:35.461root 11241100x80000000000000004277038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725a2b5637702f0d2022-01-04 14:18:35.461root 11241100x80000000000000004277039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7211ab78cd2724262022-01-04 14:18:35.461root 11241100x80000000000000004277040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3a1c8d3c2029f32022-01-04 14:18:35.461root 11241100x80000000000000004277041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44ff0052886ef102022-01-04 14:18:35.461root 11241100x80000000000000004277042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b57b022001a4fa2022-01-04 14:18:35.461root 11241100x80000000000000004277043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe0a2e644cfcee22022-01-04 14:18:35.461root 11241100x80000000000000004277044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace805b3aa7d96b52022-01-04 14:18:35.461root 11241100x80000000000000004277045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26257dd0c3a049b2022-01-04 14:18:35.461root 11241100x80000000000000004277046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecedaf622cac9fe2022-01-04 14:18:35.462root 11241100x80000000000000004277047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d92614be88b1f72022-01-04 14:18:35.462root 11241100x80000000000000004277048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bafa021dc898542022-01-04 14:18:35.462root 11241100x80000000000000004277049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f828186ddbacf2c2022-01-04 14:18:35.462root 11241100x80000000000000004277050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f781bb267464ce142022-01-04 14:18:35.462root 11241100x80000000000000004277051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35254fe8be7f987b2022-01-04 14:18:35.959root 11241100x80000000000000004277052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acaa52f81458e152022-01-04 14:18:35.959root 11241100x80000000000000004277053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d77ae26fd23ff2022-01-04 14:18:35.960root 11241100x80000000000000004277054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab76dd122200d3252022-01-04 14:18:35.960root 11241100x80000000000000004277055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8731dbdde9fce0ac2022-01-04 14:18:35.960root 11241100x80000000000000004277056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aa641797d723712022-01-04 14:18:35.960root 11241100x80000000000000004277057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c5215f2a88fe492022-01-04 14:18:35.960root 11241100x80000000000000004277058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c65baaf4b962c262022-01-04 14:18:35.960root 11241100x80000000000000004277059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a62913cc2279c5e2022-01-04 14:18:35.960root 11241100x80000000000000004277060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9949ec04c1027a0d2022-01-04 14:18:35.960root 11241100x80000000000000004277061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd165d035129db632022-01-04 14:18:35.960root 11241100x80000000000000004277062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25778f317831c8a32022-01-04 14:18:35.960root 11241100x80000000000000004277063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a8c81fd3ca02182022-01-04 14:18:35.961root 11241100x80000000000000004277064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7559b1fcb02724a92022-01-04 14:18:35.961root 11241100x80000000000000004277065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b139048ea69e6492022-01-04 14:18:35.961root 11241100x80000000000000004277066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8585afe6a4a5732f2022-01-04 14:18:35.961root 11241100x80000000000000004277067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1186392765f9c2022-01-04 14:18:35.961root 11241100x80000000000000004277068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97d7c87251884302022-01-04 14:18:35.961root 11241100x80000000000000004277069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec0c7fa01e27b632022-01-04 14:18:35.961root 11241100x80000000000000004277070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccb5cb8ee42f3cf2022-01-04 14:18:35.961root 11241100x80000000000000004277071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90967dc5cb97edb72022-01-04 14:18:35.961root 11241100x80000000000000004277072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefc56c068af99da2022-01-04 14:18:35.961root 11241100x80000000000000004277073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3231f8e72b748f2022-01-04 14:18:35.962root 11241100x80000000000000004277074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01d08682441f0612022-01-04 14:18:35.962root 11241100x80000000000000004277075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd55cbbd605260b2022-01-04 14:18:35.962root 354300x80000000000000004277076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.119{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41506-false10.0.1.12-8000- 11241100x80000000000000004277077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63212d5da0b871e22022-01-04 14:18:36.459root 11241100x80000000000000004277078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1031db262f3e251d2022-01-04 14:18:36.460root 11241100x80000000000000004277079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcccfca6c63cce52022-01-04 14:18:36.460root 11241100x80000000000000004277080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05423327295b25402022-01-04 14:18:36.460root 11241100x80000000000000004277081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8307ee664a2624b82022-01-04 14:18:36.460root 11241100x80000000000000004277082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7532777d3afffbaa2022-01-04 14:18:36.460root 11241100x80000000000000004277083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034dcb921bb9e1a22022-01-04 14:18:36.461root 11241100x80000000000000004277084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba32c95ee930d62022-01-04 14:18:36.461root 11241100x80000000000000004277085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4665a3530cfcf2e2022-01-04 14:18:36.461root 11241100x80000000000000004277086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a2f04ef9f0b89a2022-01-04 14:18:36.461root 11241100x80000000000000004277087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3413120a03902c252022-01-04 14:18:36.461root 11241100x80000000000000004277088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763cf644803678372022-01-04 14:18:36.461root 11241100x80000000000000004277089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b799abfade652342022-01-04 14:18:36.461root 11241100x80000000000000004277090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2c16a119ecf9122022-01-04 14:18:36.461root 11241100x80000000000000004277091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cf45dc6088338f2022-01-04 14:18:36.461root 11241100x80000000000000004277092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f0a94363d00bb02022-01-04 14:18:36.462root 11241100x80000000000000004277093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd9d414892260922022-01-04 14:18:36.462root 11241100x80000000000000004277094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2acf12ef8da16b32022-01-04 14:18:36.462root 11241100x80000000000000004277095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c2c93c915bf3032022-01-04 14:18:36.462root 11241100x80000000000000004277096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e091a679e6143ebb2022-01-04 14:18:36.462root 11241100x80000000000000004277097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478915de58f5981d2022-01-04 14:18:36.462root 11241100x80000000000000004277098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88db562f6d07d7a12022-01-04 14:18:36.462root 11241100x80000000000000004277099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85046b06a5651b022022-01-04 14:18:36.462root 11241100x80000000000000004277100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b85fab82375b9ad2022-01-04 14:18:36.462root 11241100x80000000000000004277101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80857b667b1fd8792022-01-04 14:18:36.463root 11241100x80000000000000004277102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f24a3ce030521c42022-01-04 14:18:36.463root 11241100x80000000000000004277103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77617b3b38b27f0c2022-01-04 14:18:36.960root 11241100x80000000000000004277104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e37653cc0a05e872022-01-04 14:18:36.960root 11241100x80000000000000004277105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ef949815a6946d2022-01-04 14:18:36.960root 11241100x80000000000000004277106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fd395d7018a44a2022-01-04 14:18:36.960root 11241100x80000000000000004277107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5257dbc874b6eb2022-01-04 14:18:36.960root 11241100x80000000000000004277108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7070117b89d8872022-01-04 14:18:36.960root 11241100x80000000000000004277109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3956a407fa9069a2022-01-04 14:18:36.961root 11241100x80000000000000004277110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa063c44f15e072022-01-04 14:18:36.961root 11241100x80000000000000004277111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3549ec2bc983b042022-01-04 14:18:36.961root 11241100x80000000000000004277112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ce052b0c6fd0212022-01-04 14:18:36.961root 11241100x80000000000000004277113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8517d98f3083d0772022-01-04 14:18:36.961root 11241100x80000000000000004277114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94c57866b1bebbd2022-01-04 14:18:36.961root 11241100x80000000000000004277115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b611240d5593f02022-01-04 14:18:36.961root 11241100x80000000000000004277116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec71be13ced9c26a2022-01-04 14:18:36.961root 11241100x80000000000000004277117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c734a4e587b64cab2022-01-04 14:18:36.961root 11241100x80000000000000004277118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df60c44d38adb27e2022-01-04 14:18:36.962root 11241100x80000000000000004277119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ce671d690887f72022-01-04 14:18:36.962root 11241100x80000000000000004277120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a045f39fa9c4f962022-01-04 14:18:36.962root 11241100x80000000000000004277121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8358a7920ef0f7032022-01-04 14:18:36.962root 11241100x80000000000000004277122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426df1cc55d763612022-01-04 14:18:36.962root 11241100x80000000000000004277123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe1fc6379123c762022-01-04 14:18:36.962root 11241100x80000000000000004277124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c887451b16f62992022-01-04 14:18:36.962root 11241100x80000000000000004277125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236682cd62eba1a82022-01-04 14:18:36.962root 11241100x80000000000000004277126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76496bbf42458862022-01-04 14:18:36.963root 11241100x80000000000000004277127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989cdd1a2154c3652022-01-04 14:18:36.963root 11241100x80000000000000004277128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7485ee155c6e2d2022-01-04 14:18:36.963root 11241100x80000000000000004277129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22b20490c6c883a2022-01-04 14:18:37.460root 11241100x80000000000000004277130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7a33fe49d3ce922022-01-04 14:18:37.460root 11241100x80000000000000004277131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab97e7174a1e0742022-01-04 14:18:37.460root 11241100x80000000000000004277132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64e4be794b4e52e2022-01-04 14:18:37.460root 11241100x80000000000000004277133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4b9459305600892022-01-04 14:18:37.460root 11241100x80000000000000004277134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3376c6d0316aad2022-01-04 14:18:37.461root 11241100x80000000000000004277135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90987158f6ee39262022-01-04 14:18:37.461root 11241100x80000000000000004277136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6891a50d976028152022-01-04 14:18:37.461root 11241100x80000000000000004277137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26917d5a6b4f895c2022-01-04 14:18:37.461root 11241100x80000000000000004277138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459cadd5d5a067412022-01-04 14:18:37.461root 11241100x80000000000000004277139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adceab1592efc00f2022-01-04 14:18:37.461root 11241100x80000000000000004277140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f67d9d0651271082022-01-04 14:18:37.461root 11241100x80000000000000004277141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4690cf9581e4942022-01-04 14:18:37.461root 11241100x80000000000000004277142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e4d3cf4d44f7012022-01-04 14:18:37.461root 11241100x80000000000000004277143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7db49f07454fdbb2022-01-04 14:18:37.462root 11241100x80000000000000004277144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1976ab28bef6c62022-01-04 14:18:37.462root 11241100x80000000000000004277145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e94d3e831745432022-01-04 14:18:37.462root 11241100x80000000000000004277146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8e885dae112dea2022-01-04 14:18:37.462root 11241100x80000000000000004277147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1116fa44e5f2d6472022-01-04 14:18:37.462root 11241100x80000000000000004277148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69e0bbfc007b022022-01-04 14:18:37.462root 11241100x80000000000000004277149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a04802a9a3e7b12022-01-04 14:18:37.462root 11241100x80000000000000004277150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f79fb4e42f5bd4a2022-01-04 14:18:37.462root 11241100x80000000000000004277151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70f4cfbcfbd2a1c2022-01-04 14:18:37.462root 11241100x80000000000000004277152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5b67bd4f87c08b2022-01-04 14:18:37.463root 11241100x80000000000000004277153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1775c50b70c79f2022-01-04 14:18:37.463root 11241100x80000000000000004277154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc23361a1546e95c2022-01-04 14:18:37.463root 11241100x80000000000000004277155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb65a27c6023c2a2022-01-04 14:18:37.959root 11241100x80000000000000004277156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c978c824da6576542022-01-04 14:18:37.959root 11241100x80000000000000004277157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dbbb03a17811422022-01-04 14:18:37.959root 11241100x80000000000000004277158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f83891079124eb2022-01-04 14:18:37.960root 11241100x80000000000000004277159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b864a0bc632eae3f2022-01-04 14:18:37.960root 11241100x80000000000000004277160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f15a6dcbda294912022-01-04 14:18:37.960root 11241100x80000000000000004277161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8c86eda0c29fdd2022-01-04 14:18:37.960root 11241100x80000000000000004277162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2dfaf0a7803b4e2022-01-04 14:18:37.960root 11241100x80000000000000004277163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de72963b92033342022-01-04 14:18:37.960root 11241100x80000000000000004277164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd91601073ab8992022-01-04 14:18:37.960root 11241100x80000000000000004277165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7711460991ae9d52022-01-04 14:18:37.960root 11241100x80000000000000004277166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d003f8da1c1932d2022-01-04 14:18:37.960root 11241100x80000000000000004277167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f528e09432c711322022-01-04 14:18:37.961root 11241100x80000000000000004277168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dc61259452f0732022-01-04 14:18:37.961root 11241100x80000000000000004277169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3951e58092efb6fb2022-01-04 14:18:37.961root 11241100x80000000000000004277170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307537d1f5b0b7aa2022-01-04 14:18:37.961root 11241100x80000000000000004277171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e23904fb68f4802022-01-04 14:18:37.961root 11241100x80000000000000004277172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b861eb1633a5069b2022-01-04 14:18:37.961root 11241100x80000000000000004277173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec8b3df0f7c8ca12022-01-04 14:18:37.961root 11241100x80000000000000004277174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9375e9fec89b5fb32022-01-04 14:18:37.961root 11241100x80000000000000004277175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ac35e850e990e32022-01-04 14:18:37.962root 11241100x80000000000000004277176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bef8ccc910946e12022-01-04 14:18:37.962root 11241100x80000000000000004277177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bd2a25e63797662022-01-04 14:18:37.962root 11241100x80000000000000004277178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2593c042008d042022-01-04 14:18:37.962root 11241100x80000000000000004277179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030540d4fcb861a32022-01-04 14:18:37.962root 11241100x80000000000000004277180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c942601145057afe2022-01-04 14:18:37.962root 11241100x80000000000000004277181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4625ed129c06012022-01-04 14:18:37.962root 11241100x80000000000000004277182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8242170e71449ecf2022-01-04 14:18:38.460root 11241100x80000000000000004277183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a741513f32348f2022-01-04 14:18:38.460root 11241100x80000000000000004277184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e65a020ba204bd92022-01-04 14:18:38.460root 11241100x80000000000000004277185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1464636fa4a5c22022-01-04 14:18:38.460root 11241100x80000000000000004277186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b19340c5e06c08f2022-01-04 14:18:38.460root 11241100x80000000000000004277187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a383b14c4b6ca1f62022-01-04 14:18:38.460root 11241100x80000000000000004277188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d3ec04e3f873742022-01-04 14:18:38.461root 11241100x80000000000000004277189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3243e35235123372022-01-04 14:18:38.461root 11241100x80000000000000004277190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6796a8f1ce966052022-01-04 14:18:38.461root 11241100x80000000000000004277191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c7da17d8a5f6152022-01-04 14:18:38.461root 11241100x80000000000000004277192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a02ec594b9a1792022-01-04 14:18:38.461root 11241100x80000000000000004277193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f20e68ff236e42022-01-04 14:18:38.461root 11241100x80000000000000004277194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6301f816351558072022-01-04 14:18:38.461root 11241100x80000000000000004277195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef11ce86f8046c292022-01-04 14:18:38.461root 11241100x80000000000000004277196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929314f5294d49ec2022-01-04 14:18:38.462root 11241100x80000000000000004277197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8902d5bcd74aabfd2022-01-04 14:18:38.462root 11241100x80000000000000004277198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95270ef915e7e88d2022-01-04 14:18:38.462root 11241100x80000000000000004277199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ac296d5b0711852022-01-04 14:18:38.462root 11241100x80000000000000004277200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f7de1db1916a112022-01-04 14:18:38.462root 11241100x80000000000000004277201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87594082e36a89d82022-01-04 14:18:38.462root 11241100x80000000000000004277202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4429011fb7c66062022-01-04 14:18:38.462root 11241100x80000000000000004277203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f677e63edd1764be2022-01-04 14:18:38.462root 11241100x80000000000000004277204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c02865faa6bb2b2022-01-04 14:18:38.462root 11241100x80000000000000004277205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90704af7ad7f4c542022-01-04 14:18:38.462root 11241100x80000000000000004277206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62abca6b2f69b5aa2022-01-04 14:18:38.462root 11241100x80000000000000004277207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb27f157c950cd762022-01-04 14:18:38.462root 11241100x80000000000000004277208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c973b1a21e831ab52022-01-04 14:18:38.959root 11241100x80000000000000004277209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3680c17fa077012022-01-04 14:18:38.959root 11241100x80000000000000004277210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd587091fc3182b2022-01-04 14:18:38.960root 11241100x80000000000000004277211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cdee1f59eb25cd2022-01-04 14:18:38.960root 11241100x80000000000000004277212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59559bb5dca6a2f2022-01-04 14:18:38.960root 11241100x80000000000000004277213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c71c48614331312022-01-04 14:18:38.960root 11241100x80000000000000004277214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb731c8506f59782022-01-04 14:18:38.960root 11241100x80000000000000004277215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384dd5222ac1c6da2022-01-04 14:18:38.960root 11241100x80000000000000004277216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3de440d2486199e2022-01-04 14:18:38.960root 11241100x80000000000000004277217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23357bdd4451337e2022-01-04 14:18:38.960root 11241100x80000000000000004277218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decdeaeb91f776222022-01-04 14:18:38.960root 11241100x80000000000000004277219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3aa7b57641a9f92022-01-04 14:18:38.960root 11241100x80000000000000004277220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9936f794360f10632022-01-04 14:18:38.961root 11241100x80000000000000004277221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0de5bff4e5db4702022-01-04 14:18:38.961root 11241100x80000000000000004277222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ba6d04af614dd2022-01-04 14:18:38.961root 11241100x80000000000000004277223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec47cda55eaa91132022-01-04 14:18:38.961root 11241100x80000000000000004277224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b0da444c6a9d572022-01-04 14:18:38.961root 11241100x80000000000000004277225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3c1de1cf5cdad32022-01-04 14:18:38.961root 11241100x80000000000000004277226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7b5a2420c463a92022-01-04 14:18:38.961root 11241100x80000000000000004277227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970413bb68cc95442022-01-04 14:18:38.961root 11241100x80000000000000004277228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afd3600405a74782022-01-04 14:18:38.961root 11241100x80000000000000004277229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc7640272b6b80d2022-01-04 14:18:38.961root 11241100x80000000000000004277230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b847865a278346292022-01-04 14:18:38.962root 11241100x80000000000000004277231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f17ab60d38f49cc2022-01-04 14:18:38.962root 11241100x80000000000000004277232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d404996702edf82022-01-04 14:18:38.962root 11241100x80000000000000004277233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2c96756fc1e0a02022-01-04 14:18:38.962root 11241100x80000000000000004277234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2cef5ce06197fd2022-01-04 14:18:39.459root 11241100x80000000000000004277235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee37703b0aa4142022-01-04 14:18:39.459root 11241100x80000000000000004277236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e973a84f7bb4472022-01-04 14:18:39.460root 11241100x80000000000000004277237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a161bd1f02af5b82022-01-04 14:18:39.460root 11241100x80000000000000004277238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366e14092efe569a2022-01-04 14:18:39.460root 11241100x80000000000000004277239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb018b1a2d235f2022-01-04 14:18:39.460root 11241100x80000000000000004277240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d0e850983ddc4f2022-01-04 14:18:39.460root 11241100x80000000000000004277241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f67840ba65bc98c2022-01-04 14:18:39.461root 11241100x80000000000000004277242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44574b5b4bb09c12022-01-04 14:18:39.461root 11241100x80000000000000004277243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a73e5ef1d071172022-01-04 14:18:39.461root 11241100x80000000000000004277244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79575e8598952fea2022-01-04 14:18:39.461root 11241100x80000000000000004277245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cab4613d276a342022-01-04 14:18:39.461root 11241100x80000000000000004277246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d8d378f7efca862022-01-04 14:18:39.461root 11241100x80000000000000004277247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad863c26c7e35232022-01-04 14:18:39.461root 11241100x80000000000000004277248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8b4875bf34bd252022-01-04 14:18:39.461root 11241100x80000000000000004277249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a98653408cb3f322022-01-04 14:18:39.461root 11241100x80000000000000004277250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72375accfd521522022-01-04 14:18:39.461root 11241100x80000000000000004277251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853c12ece23459012022-01-04 14:18:39.461root 11241100x80000000000000004277252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d028a1279a42cb72022-01-04 14:18:39.461root 11241100x80000000000000004277253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51987dd79660eca92022-01-04 14:18:39.461root 11241100x80000000000000004277254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd504769644d1442022-01-04 14:18:39.461root 11241100x80000000000000004277255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956a1a34024d30572022-01-04 14:18:39.462root 11241100x80000000000000004277256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8721b9d41e0633b2022-01-04 14:18:39.462root 11241100x80000000000000004277257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663bc1b6ddaf02d12022-01-04 14:18:39.462root 11241100x80000000000000004277258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5423a2cbc4e812562022-01-04 14:18:39.462root 11241100x80000000000000004277259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87088c2ab40d9582022-01-04 14:18:39.462root 11241100x80000000000000004277260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f343bd2d9a2a15d52022-01-04 14:18:39.959root 11241100x80000000000000004277261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f12d1a581b5e3352022-01-04 14:18:39.959root 11241100x80000000000000004277262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f204669fbcb71392022-01-04 14:18:39.959root 11241100x80000000000000004277263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63a80afcf24edb42022-01-04 14:18:39.960root 11241100x80000000000000004277264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f0638b200f26c22022-01-04 14:18:39.960root 11241100x80000000000000004277265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f1167a9b6fb1a2022-01-04 14:18:39.960root 11241100x80000000000000004277266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6dc0b672a0f60f2022-01-04 14:18:39.960root 11241100x80000000000000004277267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ba9522ac83af902022-01-04 14:18:39.960root 11241100x80000000000000004277268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dd9b14b8470b052022-01-04 14:18:39.960root 11241100x80000000000000004277269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3c236d050678a72022-01-04 14:18:39.960root 11241100x80000000000000004277270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321aebd0ba0fefb52022-01-04 14:18:39.960root 11241100x80000000000000004277271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979d4a913c0207442022-01-04 14:18:39.960root 11241100x80000000000000004277272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f9fed59cfa0a7b2022-01-04 14:18:39.960root 11241100x80000000000000004277273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97759534f60ec3742022-01-04 14:18:39.960root 11241100x80000000000000004277274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae86741c5f5afdc2022-01-04 14:18:39.960root 11241100x80000000000000004277275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da901485afd39b82022-01-04 14:18:39.960root 11241100x80000000000000004277276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bea8004b8786a132022-01-04 14:18:39.960root 11241100x80000000000000004277277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd37c39bdbd75752022-01-04 14:18:39.960root 11241100x80000000000000004277278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f619e3de646b1db22022-01-04 14:18:39.961root 11241100x80000000000000004277279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4ec7c90ba8a9f12022-01-04 14:18:39.961root 11241100x80000000000000004277280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d153b113e172342022-01-04 14:18:39.961root 11241100x80000000000000004277281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9843e8245352d4272022-01-04 14:18:39.961root 11241100x80000000000000004277282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a4088c6e21a32a2022-01-04 14:18:39.961root 11241100x80000000000000004277283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2991ab87a142162022-01-04 14:18:39.961root 11241100x80000000000000004277284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8623cb2999cd29b22022-01-04 14:18:39.961root 11241100x80000000000000004277285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b7e275669ef7d12022-01-04 14:18:39.961root 11241100x80000000000000004277286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013a77bb31d7547d2022-01-04 14:18:40.460root 11241100x80000000000000004277287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36908dc1e1828af2022-01-04 14:18:40.460root 11241100x80000000000000004277288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2316e4a9492242ec2022-01-04 14:18:40.460root 11241100x80000000000000004277289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d96244fa13afac2022-01-04 14:18:40.461root 11241100x80000000000000004277290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3a7f54f5b30e272022-01-04 14:18:40.461root 11241100x80000000000000004277291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248eb18c3535f7862022-01-04 14:18:40.461root 11241100x80000000000000004277292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0ebc0320955d722022-01-04 14:18:40.461root 11241100x80000000000000004277293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e896dd1a1bd6d242022-01-04 14:18:40.461root 11241100x80000000000000004277294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0e0d795c152ff12022-01-04 14:18:40.461root 11241100x80000000000000004277295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55b3aa40668124a2022-01-04 14:18:40.462root 11241100x80000000000000004277296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d236574b57d3b73a2022-01-04 14:18:40.463root 11241100x80000000000000004277297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ba92a12d1ca5832022-01-04 14:18:40.463root 11241100x80000000000000004277298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd23db7bde6b6a52022-01-04 14:18:40.463root 11241100x80000000000000004277299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd971a5742740992022-01-04 14:18:40.463root 11241100x80000000000000004277300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03088aa2ae0b6412022-01-04 14:18:40.463root 11241100x80000000000000004277301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f274936b87a849cb2022-01-04 14:18:40.464root 11241100x80000000000000004277302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3f2f1005d1aff72022-01-04 14:18:40.464root 11241100x80000000000000004277303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829536de1b2c7cb42022-01-04 14:18:40.464root 11241100x80000000000000004277304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a361765437f2262022-01-04 14:18:40.464root 11241100x80000000000000004277305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8977e8a91d32a3152022-01-04 14:18:40.464root 11241100x80000000000000004277306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e18225167a0c352022-01-04 14:18:40.464root 11241100x80000000000000004277307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298a5a846c9b8d142022-01-04 14:18:40.464root 11241100x80000000000000004277308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e57b369a7adf232022-01-04 14:18:40.464root 11241100x80000000000000004277309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799c2b170e21471f2022-01-04 14:18:40.464root 11241100x80000000000000004277310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f183a54697a570202022-01-04 14:18:40.464root 11241100x80000000000000004277311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df131497a952c8eb2022-01-04 14:18:40.464root 11241100x80000000000000004277312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f448893f3ef0a52d2022-01-04 14:18:40.960root 11241100x80000000000000004277313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a7865f9dfe28e42022-01-04 14:18:40.960root 11241100x80000000000000004277314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6775bf21b91e53dd2022-01-04 14:18:40.960root 11241100x80000000000000004277315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a70e67e75d98b842022-01-04 14:18:40.960root 11241100x80000000000000004277316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3b797a51d610192022-01-04 14:18:40.960root 11241100x80000000000000004277317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c3ea571d431de92022-01-04 14:18:40.960root 11241100x80000000000000004277318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f95e1977b77ca282022-01-04 14:18:40.960root 11241100x80000000000000004277319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5cd12d62544cb12022-01-04 14:18:40.961root 11241100x80000000000000004277320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9ad89cdd81b3122022-01-04 14:18:40.961root 11241100x80000000000000004277321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c82ea4ef84c2c42022-01-04 14:18:40.961root 11241100x80000000000000004277322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f17d8ad5f432f82022-01-04 14:18:40.961root 11241100x80000000000000004277323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cad3cb5ff9221a2022-01-04 14:18:40.962root 11241100x80000000000000004277324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574888ee4ee47ec82022-01-04 14:18:40.962root 11241100x80000000000000004277325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb52a182b20682e2022-01-04 14:18:40.962root 11241100x80000000000000004277326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c03252c68741952022-01-04 14:18:40.962root 11241100x80000000000000004277327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b832d4ac0d4aa632022-01-04 14:18:40.962root 11241100x80000000000000004277328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd868251d934c2a32022-01-04 14:18:40.963root 11241100x80000000000000004277329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32298c3b26fde6592022-01-04 14:18:40.963root 11241100x80000000000000004277330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52f58b9723724262022-01-04 14:18:40.963root 11241100x80000000000000004277331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57db34f73d8e26202022-01-04 14:18:40.963root 11241100x80000000000000004277332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8982b3fad953012022-01-04 14:18:40.963root 11241100x80000000000000004277333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d1b02273af20222022-01-04 14:18:40.963root 11241100x80000000000000004277334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ffd35f5e69cbb22022-01-04 14:18:40.963root 11241100x80000000000000004277335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f2691d4eebbdeb2022-01-04 14:18:40.963root 11241100x80000000000000004277336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7df5e2c00514f12022-01-04 14:18:40.963root 11241100x80000000000000004277337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:40.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113ea7f07bdd95062022-01-04 14:18:40.964root 354300x80000000000000004277338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.217{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41508-false10.0.1.12-8000- 11241100x80000000000000004277339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cbd743b1fa0f5e2022-01-04 14:18:41.218root 11241100x80000000000000004277340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d785e40cfdc8dd2022-01-04 14:18:41.218root 11241100x80000000000000004277341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e390a3389df9ec1e2022-01-04 14:18:41.218root 11241100x80000000000000004277342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2f37e713d22bea2022-01-04 14:18:41.218root 11241100x80000000000000004277343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6f75268011d6912022-01-04 14:18:41.218root 11241100x80000000000000004277344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ba6c6f9996ac6c2022-01-04 14:18:41.219root 11241100x80000000000000004277345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28095bfbd1516bd72022-01-04 14:18:41.219root 11241100x80000000000000004277346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e844f1dde3ef5192022-01-04 14:18:41.219root 11241100x80000000000000004277347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f948c55b7a6d5e462022-01-04 14:18:41.219root 11241100x80000000000000004277348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c719e6f1bc7ca2022-01-04 14:18:41.219root 11241100x80000000000000004277349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695064ecaa0b4f312022-01-04 14:18:41.219root 11241100x80000000000000004277350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a130bffac2d5912022-01-04 14:18:41.219root 11241100x80000000000000004277351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76dc2537027e2572022-01-04 14:18:41.219root 11241100x80000000000000004277352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80caf3433d4754b62022-01-04 14:18:41.220root 11241100x80000000000000004277353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5c3329aa7ab5db2022-01-04 14:18:41.220root 11241100x80000000000000004277354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96fec4ee9e87d522022-01-04 14:18:41.220root 11241100x80000000000000004277355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1826d3b4f8a66e7d2022-01-04 14:18:41.220root 11241100x80000000000000004277356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94198b88ea946232022-01-04 14:18:41.220root 11241100x80000000000000004277357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b365438a0be02362022-01-04 14:18:41.220root 11241100x80000000000000004277358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127c189419c323002022-01-04 14:18:41.221root 11241100x80000000000000004277359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdd6a80b49eddf82022-01-04 14:18:41.221root 11241100x80000000000000004277360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d781e49ab11f836b2022-01-04 14:18:41.221root 11241100x80000000000000004277361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a62e5c9a0f9f9f2022-01-04 14:18:41.221root 11241100x80000000000000004277362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eb4bd3927bb37d2022-01-04 14:18:41.221root 11241100x80000000000000004277363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b258ee128b1a63382022-01-04 14:18:41.221root 11241100x80000000000000004277364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce215ff6b5c3b32022-01-04 14:18:41.222root 11241100x80000000000000004277365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6440c22c964bf92022-01-04 14:18:41.222root 11241100x80000000000000004277366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11878f0caeffc162022-01-04 14:18:41.222root 11241100x80000000000000004277367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf2ac48148e0b122022-01-04 14:18:41.222root 11241100x80000000000000004277368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4875f7b77b4b0d2022-01-04 14:18:41.222root 11241100x80000000000000004277369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ee88dfe50a825b2022-01-04 14:18:41.222root 11241100x80000000000000004277370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2d55e56f007d232022-01-04 14:18:41.709root 11241100x80000000000000004277371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb02655720fe6fe2022-01-04 14:18:41.709root 11241100x80000000000000004277372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a0a3984c182bad2022-01-04 14:18:41.710root 11241100x80000000000000004277373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e555d98c922991f2022-01-04 14:18:41.710root 11241100x80000000000000004277374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fe425d991019982022-01-04 14:18:41.710root 11241100x80000000000000004277375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f33fb930f61ed352022-01-04 14:18:41.710root 11241100x80000000000000004277376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080852d8c93a11522022-01-04 14:18:41.710root 11241100x80000000000000004277377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5a83bd684429402022-01-04 14:18:41.710root 11241100x80000000000000004277378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70dc88bb283dcfd2022-01-04 14:18:41.710root 11241100x80000000000000004277379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22097338b5eb64152022-01-04 14:18:41.710root 11241100x80000000000000004277380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21024be675e058e2022-01-04 14:18:41.711root 11241100x80000000000000004277381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4296f0b0791c66d92022-01-04 14:18:41.711root 11241100x80000000000000004277382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e7e0d7b4109f9a2022-01-04 14:18:41.711root 11241100x80000000000000004277383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5919d47ccf0542922022-01-04 14:18:41.711root 11241100x80000000000000004277384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a03f19cb70d1eb42022-01-04 14:18:41.711root 11241100x80000000000000004277385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef52c9dfae37227c2022-01-04 14:18:41.711root 11241100x80000000000000004277386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84e4df13f478ae22022-01-04 14:18:41.711root 11241100x80000000000000004277387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cec06dbe60acd02022-01-04 14:18:41.711root 11241100x80000000000000004277388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071e342723b77f592022-01-04 14:18:41.711root 11241100x80000000000000004277389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0e893af50ff7922022-01-04 14:18:41.711root 11241100x80000000000000004277390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ac9483519f0d442022-01-04 14:18:41.711root 11241100x80000000000000004277391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a182ffe1b9ef212022-01-04 14:18:41.712root 11241100x80000000000000004277392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dca0bbd42cc2832022-01-04 14:18:41.712root 11241100x80000000000000004277393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a25328e5b283912022-01-04 14:18:41.712root 11241100x80000000000000004277394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5a21b2a44c18cf2022-01-04 14:18:41.712root 11241100x80000000000000004277395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9201fe91d6ba6d392022-01-04 14:18:41.712root 11241100x80000000000000004277396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c8539b9d03c6d72022-01-04 14:18:41.712root 11241100x80000000000000004277397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f38a4e6f87e8e532022-01-04 14:18:42.210root 11241100x80000000000000004277398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af5f951103d4b5d2022-01-04 14:18:42.210root 11241100x80000000000000004277399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3390025971a5ef2022-01-04 14:18:42.210root 11241100x80000000000000004277400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122b65bc0841fcc92022-01-04 14:18:42.210root 11241100x80000000000000004277401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97966318a1a86a682022-01-04 14:18:42.210root 11241100x80000000000000004277402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021ed032324fb0d52022-01-04 14:18:42.210root 11241100x80000000000000004277403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a149ff0c352fc902022-01-04 14:18:42.210root 11241100x80000000000000004277404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4931d115c87acb32022-01-04 14:18:42.210root 11241100x80000000000000004277405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52faaaff614484f2022-01-04 14:18:42.210root 11241100x80000000000000004277406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e1fca68c3793db2022-01-04 14:18:42.210root 11241100x80000000000000004277407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad28080b467f81b2022-01-04 14:18:42.211root 11241100x80000000000000004277408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a620cd012be5d2022-01-04 14:18:42.211root 11241100x80000000000000004277409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c995b8b54339e32022-01-04 14:18:42.211root 11241100x80000000000000004277410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cad124578c224142022-01-04 14:18:42.211root 11241100x80000000000000004277411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7f5fe474b87a6d2022-01-04 14:18:42.211root 11241100x80000000000000004277412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eee25aa80c9af22022-01-04 14:18:42.211root 11241100x80000000000000004277413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc9dffac3a127ab2022-01-04 14:18:42.211root 11241100x80000000000000004277414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda8040f038dc1802022-01-04 14:18:42.211root 11241100x80000000000000004277415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958abc3fba10daab2022-01-04 14:18:42.211root 11241100x80000000000000004277416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3105f15131506ef22022-01-04 14:18:42.211root 11241100x80000000000000004277417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c79d1400a2b4a2022-01-04 14:18:42.211root 11241100x80000000000000004277418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef726db7f109692022-01-04 14:18:42.211root 11241100x80000000000000004277419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8deb819c329e182022-01-04 14:18:42.211root 11241100x80000000000000004277420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93bcdc54944fc152022-01-04 14:18:42.211root 11241100x80000000000000004277421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c758dde768dd482022-01-04 14:18:42.211root 11241100x80000000000000004277422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409a2f195336de532022-01-04 14:18:42.212root 11241100x80000000000000004277423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f54768711451052022-01-04 14:18:42.212root 11241100x80000000000000004277424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758fc45326611f992022-01-04 14:18:42.710root 11241100x80000000000000004277425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c65bda767e1b032022-01-04 14:18:42.710root 11241100x80000000000000004277426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688ded44f1dcb5552022-01-04 14:18:42.711root 11241100x80000000000000004277427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d8c7a8d176c8ff2022-01-04 14:18:42.712root 11241100x80000000000000004277428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fc15fd902d14342022-01-04 14:18:42.712root 11241100x80000000000000004277429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06d4ced8ccf2fd22022-01-04 14:18:42.712root 11241100x80000000000000004277430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647194602a67ad7e2022-01-04 14:18:42.712root 11241100x80000000000000004277431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b2a64ff668fd6d2022-01-04 14:18:42.712root 11241100x80000000000000004277432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b126a7eea44bb6a12022-01-04 14:18:42.712root 11241100x80000000000000004277433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dadd4618d4ec4e2022-01-04 14:18:42.713root 11241100x80000000000000004277434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62baa1aa93523c02022-01-04 14:18:42.713root 11241100x80000000000000004277435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e4c97b0b6ae432022-01-04 14:18:42.713root 11241100x80000000000000004277436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07050d17b3bb0912022-01-04 14:18:42.713root 11241100x80000000000000004277437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c9a9e420c4aad72022-01-04 14:18:42.713root 11241100x80000000000000004277438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ba6b46b24fbcaf2022-01-04 14:18:42.713root 11241100x80000000000000004277439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080af77f8cd6de5b2022-01-04 14:18:42.713root 11241100x80000000000000004277440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c1d791596e2cbb2022-01-04 14:18:42.713root 11241100x80000000000000004277441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4056f73cf1da46812022-01-04 14:18:42.713root 11241100x80000000000000004277442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80275c3db45e7ae72022-01-04 14:18:42.713root 11241100x80000000000000004277443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdbba36792ab37c2022-01-04 14:18:42.713root 11241100x80000000000000004277444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb867e62d34a4b82022-01-04 14:18:42.713root 11241100x80000000000000004277445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b1fb022d8e5afa2022-01-04 14:18:42.713root 11241100x80000000000000004277446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6004124754eb25812022-01-04 14:18:42.713root 11241100x80000000000000004277447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802b9940fbfde7b02022-01-04 14:18:42.713root 11241100x80000000000000004277448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0fe75c5d0018352022-01-04 14:18:42.714root 11241100x80000000000000004277449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80ae420a62971cc2022-01-04 14:18:42.714root 11241100x80000000000000004277450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8087496d135779832022-01-04 14:18:42.714root 11241100x80000000000000004277451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27411f090633cd642022-01-04 14:18:43.209root 11241100x80000000000000004277452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c536d8def36a3ac92022-01-04 14:18:43.209root 11241100x80000000000000004277453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afce29c285eb094d2022-01-04 14:18:43.209root 11241100x80000000000000004277454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db8360abf8778532022-01-04 14:18:43.210root 11241100x80000000000000004277455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7325ff34f33282022-01-04 14:18:43.210root 11241100x80000000000000004277456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a850ae25b54e83a32022-01-04 14:18:43.210root 11241100x80000000000000004277457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a90d34bd9d04452022-01-04 14:18:43.210root 11241100x80000000000000004277458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0857e79cc10514482022-01-04 14:18:43.210root 11241100x80000000000000004277459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdaf344fcb71b0a2022-01-04 14:18:43.210root 11241100x80000000000000004277460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5480eca71a4b762022-01-04 14:18:43.211root 11241100x80000000000000004277461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930294c12f3c8a0a2022-01-04 14:18:43.211root 11241100x80000000000000004277462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e4c8d13cab66462022-01-04 14:18:43.211root 11241100x80000000000000004277463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f61108b89a8d342022-01-04 14:18:43.211root 11241100x80000000000000004277464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59330e8908e46f7e2022-01-04 14:18:43.211root 11241100x80000000000000004277465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33a2427c1dedbda2022-01-04 14:18:43.211root 11241100x80000000000000004277466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c21b682f7e06f392022-01-04 14:18:43.211root 11241100x80000000000000004277467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4e16db3e0aeaf42022-01-04 14:18:43.211root 11241100x80000000000000004277468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b7ba95810871d52022-01-04 14:18:43.211root 11241100x80000000000000004277469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1140fc9c104da3a72022-01-04 14:18:43.211root 11241100x80000000000000004277470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19b1bbca64f49722022-01-04 14:18:43.212root 11241100x80000000000000004277471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94197e76fb3f84692022-01-04 14:18:43.212root 11241100x80000000000000004277472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96bbe1e83d36e952022-01-04 14:18:43.212root 11241100x80000000000000004277473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96bf3d97185a4e02022-01-04 14:18:43.212root 11241100x80000000000000004277474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c903c26a6cc34a2022-01-04 14:18:43.212root 11241100x80000000000000004277475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b3de20ec0a68eb2022-01-04 14:18:43.212root 11241100x80000000000000004277476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115a502263107bc82022-01-04 14:18:43.212root 11241100x80000000000000004277477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e77cec7caed95222022-01-04 14:18:43.212root 11241100x80000000000000004277478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69caae4557dce2c2022-01-04 14:18:43.212root 11241100x80000000000000004277479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179668cfd9e64dde2022-01-04 14:18:43.212root 11241100x80000000000000004277480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a3f36b2a6359592022-01-04 14:18:43.212root 11241100x80000000000000004277481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c9147561ea0352022-01-04 14:18:43.212root 11241100x80000000000000004277482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bd2b46fae1bed72022-01-04 14:18:43.709root 11241100x80000000000000004277483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bbe92591ae4a092022-01-04 14:18:43.710root 11241100x80000000000000004277484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd009af3928e27b2022-01-04 14:18:43.710root 11241100x80000000000000004277485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b917834ecdf9c2da2022-01-04 14:18:43.710root 11241100x80000000000000004277486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880206137778a2dc2022-01-04 14:18:43.710root 11241100x80000000000000004277487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5769b302984ce36d2022-01-04 14:18:43.710root 11241100x80000000000000004277488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bb64f3a46419742022-01-04 14:18:43.710root 11241100x80000000000000004277489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fb0ec90c04cd862022-01-04 14:18:43.711root 11241100x80000000000000004277490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472eecf23c325ff52022-01-04 14:18:43.711root 11241100x80000000000000004277491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cfacd80d466cb32022-01-04 14:18:43.711root 11241100x80000000000000004277492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac9e25c776ea8462022-01-04 14:18:43.711root 11241100x80000000000000004277493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea145cf264abfd742022-01-04 14:18:43.711root 11241100x80000000000000004277494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd78e83f3cc525c2022-01-04 14:18:43.711root 11241100x80000000000000004277495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146f36ad4a98bd402022-01-04 14:18:43.711root 11241100x80000000000000004277496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89f2a270d5505042022-01-04 14:18:43.712root 11241100x80000000000000004277497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f1eef5b19b67b12022-01-04 14:18:43.712root 11241100x80000000000000004277498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c04391330d63fe2022-01-04 14:18:43.712root 11241100x80000000000000004277499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f0b2ad1943fd82022-01-04 14:18:43.712root 11241100x80000000000000004277500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1999b3b7360f182022-01-04 14:18:43.712root 11241100x80000000000000004277501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2454797bfeba2a332022-01-04 14:18:43.712root 11241100x80000000000000004277502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26fba7f9ddbeeb22022-01-04 14:18:43.712root 11241100x80000000000000004277503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bdfbd7853025c92022-01-04 14:18:43.712root 11241100x80000000000000004277504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35331c0bba52eed22022-01-04 14:18:43.712root 11241100x80000000000000004277505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19655b89b6b69a5f2022-01-04 14:18:43.712root 11241100x80000000000000004277506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5df2cedc54b30b2022-01-04 14:18:43.712root 11241100x80000000000000004277507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d701634ae02c4c02022-01-04 14:18:43.713root 11241100x80000000000000004277508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8985194c7373c3872022-01-04 14:18:43.713root 11241100x80000000000000004277509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009770bde586f9972022-01-04 14:18:43.713root 11241100x80000000000000004277510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50e71500e6217222022-01-04 14:18:44.210root 11241100x80000000000000004277511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f1f5ec4d09d30e2022-01-04 14:18:44.210root 11241100x80000000000000004277512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81851176ae27f0c72022-01-04 14:18:44.210root 11241100x80000000000000004277513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734c545037bc24412022-01-04 14:18:44.210root 11241100x80000000000000004277514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd63d0e6b2b657232022-01-04 14:18:44.211root 11241100x80000000000000004277515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580f86d7771e3ba52022-01-04 14:18:44.211root 11241100x80000000000000004277516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2eb7f610dfb6b62022-01-04 14:18:44.211root 11241100x80000000000000004277517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc345c375a7140b02022-01-04 14:18:44.211root 11241100x80000000000000004277518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749884b3457e616d2022-01-04 14:18:44.211root 11241100x80000000000000004277519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd12788e55d2e73e2022-01-04 14:18:44.211root 11241100x80000000000000004277520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8fde80be58cbd32022-01-04 14:18:44.211root 11241100x80000000000000004277521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460d1469613b8ad82022-01-04 14:18:44.211root 11241100x80000000000000004277522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775154be67a6cba82022-01-04 14:18:44.211root 11241100x80000000000000004277523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e42d2d26fa0b9462022-01-04 14:18:44.211root 11241100x80000000000000004277524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d258b9fe1038fc4e2022-01-04 14:18:44.211root 11241100x80000000000000004277525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09ce4c1ecce516e2022-01-04 14:18:44.211root 11241100x80000000000000004277526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb0451ce92e25d82022-01-04 14:18:44.211root 11241100x80000000000000004277527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74445dbbcfb090d22022-01-04 14:18:44.212root 11241100x80000000000000004277528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4249e5e7dd8fb6732022-01-04 14:18:44.212root 11241100x80000000000000004277529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f9185805b7e67d2022-01-04 14:18:44.212root 11241100x80000000000000004277530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65405a98e5ebcc132022-01-04 14:18:44.212root 11241100x80000000000000004277531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cb241c613c349f2022-01-04 14:18:44.212root 11241100x80000000000000004277532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c284d4d366a69d2022-01-04 14:18:44.212root 11241100x80000000000000004277533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98554de13b7e4fef2022-01-04 14:18:44.212root 11241100x80000000000000004277534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2966193a9127d4c12022-01-04 14:18:44.213root 11241100x80000000000000004277535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d602d049b84a762022-01-04 14:18:44.213root 11241100x80000000000000004277536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403960487873fbc22022-01-04 14:18:44.213root 11241100x80000000000000004277537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35b1dbaf63233732022-01-04 14:18:44.710root 11241100x80000000000000004277538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5ad9aa37f6ed142022-01-04 14:18:44.710root 11241100x80000000000000004277539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dfd9d16aca26452022-01-04 14:18:44.710root 11241100x80000000000000004277540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bac71ae70e19362022-01-04 14:18:44.710root 11241100x80000000000000004277541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493f4a1fb118de9b2022-01-04 14:18:44.711root 11241100x80000000000000004277542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1a9cf1af8d69a82022-01-04 14:18:44.711root 11241100x80000000000000004277543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486bfa272b74c2b52022-01-04 14:18:44.711root 11241100x80000000000000004277544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aeb09193854a802022-01-04 14:18:44.711root 11241100x80000000000000004277545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97a50814caeb4dc2022-01-04 14:18:44.711root 11241100x80000000000000004277546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a251b233123b1b32022-01-04 14:18:44.711root 11241100x80000000000000004277547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bd1694b0232d2e2022-01-04 14:18:44.712root 11241100x80000000000000004277548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31451d9f9d49981e2022-01-04 14:18:44.712root 11241100x80000000000000004277549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da983d9969bd2a52022-01-04 14:18:44.712root 11241100x80000000000000004277550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7124812e59ed4d492022-01-04 14:18:44.712root 11241100x80000000000000004277551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12834427a412b2552022-01-04 14:18:44.712root 11241100x80000000000000004277552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48125149c400d9212022-01-04 14:18:44.712root 11241100x80000000000000004277553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad9df45caa0cb072022-01-04 14:18:44.712root 11241100x80000000000000004277554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35060aeca838e1d2022-01-04 14:18:44.713root 11241100x80000000000000004277555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495572182079c9d42022-01-04 14:18:44.713root 11241100x80000000000000004277556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50062e9f9b54e4c2022-01-04 14:18:44.713root 11241100x80000000000000004277557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e8834d46f32db72022-01-04 14:18:44.713root 11241100x80000000000000004277558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89d2c99c850e3572022-01-04 14:18:44.713root 11241100x80000000000000004277559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e8e020222333852022-01-04 14:18:44.713root 11241100x80000000000000004277560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae982d716e96db6a2022-01-04 14:18:44.714root 11241100x80000000000000004277561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db36b7430821d8012022-01-04 14:18:44.714root 11241100x80000000000000004277562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061b9700077e626c2022-01-04 14:18:44.715root 11241100x80000000000000004277563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:44.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0791b3010e38612022-01-04 14:18:44.715root 11241100x80000000000000004277564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2510234dd63b65122022-01-04 14:18:45.210root 11241100x80000000000000004277565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a3f0e5fac12b722022-01-04 14:18:45.210root 11241100x80000000000000004277566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd25a601d4524a2a2022-01-04 14:18:45.210root 11241100x80000000000000004277567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0351596f29d3aa42022-01-04 14:18:45.210root 11241100x80000000000000004277568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b4b36a826a1fd82022-01-04 14:18:45.210root 11241100x80000000000000004277569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369dce47470ee2cd2022-01-04 14:18:45.210root 11241100x80000000000000004277570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51ebfa035873e232022-01-04 14:18:45.210root 11241100x80000000000000004277571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3abc060abd3d6112022-01-04 14:18:45.210root 11241100x80000000000000004277572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229c1d1fc48761072022-01-04 14:18:45.210root 11241100x80000000000000004277573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691c6bd6bc48a2192022-01-04 14:18:45.211root 11241100x80000000000000004277574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c057278111e129e2022-01-04 14:18:45.211root 11241100x80000000000000004277575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3751235a58e9807c2022-01-04 14:18:45.211root 11241100x80000000000000004277576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3440f48bb18f6742022-01-04 14:18:45.211root 11241100x80000000000000004277577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534491adad94ee142022-01-04 14:18:45.211root 11241100x80000000000000004277578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faebcb36a3225bdd2022-01-04 14:18:45.211root 11241100x80000000000000004277579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a79040df016bf2022-01-04 14:18:45.211root 11241100x80000000000000004277580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c233adc00139d12022-01-04 14:18:45.211root 11241100x80000000000000004277581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dcb9fcbba121212022-01-04 14:18:45.211root 11241100x80000000000000004277582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366f94992ae2d1ab2022-01-04 14:18:45.211root 11241100x80000000000000004277583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d48f37920566512022-01-04 14:18:45.211root 11241100x80000000000000004277584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa50424f186e77e2022-01-04 14:18:45.211root 11241100x80000000000000004277585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525682c90029df1f2022-01-04 14:18:45.211root 11241100x80000000000000004277586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fe19e0112e9bf32022-01-04 14:18:45.211root 11241100x80000000000000004277587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66ab99b63721f482022-01-04 14:18:45.212root 11241100x80000000000000004277588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3179019ac600552022-01-04 14:18:45.212root 11241100x80000000000000004277589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaca40941f6e5dfa2022-01-04 14:18:45.212root 11241100x80000000000000004277590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33ff17eeafc6eb12022-01-04 14:18:45.212root 11241100x80000000000000004277591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a007a89399dfaac2022-01-04 14:18:45.709root 11241100x80000000000000004277592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da90ca377ac3072a2022-01-04 14:18:45.710root 11241100x80000000000000004277593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794059804d8258712022-01-04 14:18:45.710root 11241100x80000000000000004277594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd109108f8adfa62022-01-04 14:18:45.710root 11241100x80000000000000004277595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fc72cabc3651e92022-01-04 14:18:45.710root 11241100x80000000000000004277596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bd7d1c04828f562022-01-04 14:18:45.710root 11241100x80000000000000004277597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c972eaeb5e43162022-01-04 14:18:45.710root 11241100x80000000000000004277598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca042fd4ccab33ab2022-01-04 14:18:45.710root 11241100x80000000000000004277599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d3afb6fbee01952022-01-04 14:18:45.710root 11241100x80000000000000004277600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1d6509e46acc862022-01-04 14:18:45.710root 11241100x80000000000000004277601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6398114404333a382022-01-04 14:18:45.710root 11241100x80000000000000004277602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a553156a8c0f2e5e2022-01-04 14:18:45.710root 11241100x80000000000000004277603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d021a2f22263d22022-01-04 14:18:45.710root 11241100x80000000000000004277604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ed8d5eb1845fc02022-01-04 14:18:45.711root 11241100x80000000000000004277605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0fff301110f0602022-01-04 14:18:45.711root 11241100x80000000000000004277606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a239945c502517772022-01-04 14:18:45.711root 11241100x80000000000000004277607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4660479d93e5c4df2022-01-04 14:18:45.711root 11241100x80000000000000004277608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600a150b769fe5822022-01-04 14:18:45.711root 11241100x80000000000000004277609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfb9d29158ec7fc2022-01-04 14:18:45.711root 11241100x80000000000000004277610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e74c02e2e3995942022-01-04 14:18:45.711root 11241100x80000000000000004277611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b8c7d34b72c3042022-01-04 14:18:45.711root 11241100x80000000000000004277612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc75b30b8b13cd32022-01-04 14:18:45.711root 11241100x80000000000000004277613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6a4e3c66eb5d3a2022-01-04 14:18:45.711root 11241100x80000000000000004277614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14a2921288ae5c22022-01-04 14:18:45.711root 11241100x80000000000000004277615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0036c2ab86ae1f2022-01-04 14:18:45.711root 11241100x80000000000000004277616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1739dd629a0444e2022-01-04 14:18:45.711root 11241100x80000000000000004277617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77b96a721bd74de2022-01-04 14:18:45.711root 11241100x80000000000000004277618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:45.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fb6d9a0d794b982022-01-04 14:18:45.712root 11241100x80000000000000004277619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e2e47032d25de92022-01-04 14:18:46.209root 11241100x80000000000000004277620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43db30d115a42d822022-01-04 14:18:46.210root 11241100x80000000000000004277621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bff017301197eef2022-01-04 14:18:46.210root 11241100x80000000000000004277622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dcc9419dbd40402022-01-04 14:18:46.210root 11241100x80000000000000004277623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b676171340013392022-01-04 14:18:46.210root 11241100x80000000000000004277624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0655acd69e9b3ce42022-01-04 14:18:46.210root 11241100x80000000000000004277625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f92a7988e67c0922022-01-04 14:18:46.210root 11241100x80000000000000004277626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e36b35cac58d4b22022-01-04 14:18:46.210root 11241100x80000000000000004277627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acb1b07ce237a9a2022-01-04 14:18:46.210root 11241100x80000000000000004277628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77052998aa7616b12022-01-04 14:18:46.210root 11241100x80000000000000004277629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8cff4cecf41f5f2022-01-04 14:18:46.211root 11241100x80000000000000004277630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be1005ff6b9f8ee2022-01-04 14:18:46.211root 11241100x80000000000000004277631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22299f964ef562fd2022-01-04 14:18:46.211root 11241100x80000000000000004277632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea956dd06ce70e0e2022-01-04 14:18:46.211root 11241100x80000000000000004277633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8302a94567c7771c2022-01-04 14:18:46.211root 11241100x80000000000000004277634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480f2c480d00eaa02022-01-04 14:18:46.211root 11241100x80000000000000004277635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece44d76a22a7c292022-01-04 14:18:46.211root 11241100x80000000000000004277636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51125e4b82a33d452022-01-04 14:18:46.211root 11241100x80000000000000004277637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac2275754ec91242022-01-04 14:18:46.211root 11241100x80000000000000004277638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac2f4f9f2933992022-01-04 14:18:46.211root 11241100x80000000000000004277639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df91a768b08df7bf2022-01-04 14:18:46.212root 11241100x80000000000000004277640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5372e6f677d1262022-01-04 14:18:46.212root 11241100x80000000000000004277641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6ff22fe6a603f32022-01-04 14:18:46.212root 11241100x80000000000000004277642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc05a7f91e5ec082022-01-04 14:18:46.212root 11241100x80000000000000004277643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02164d71452f73072022-01-04 14:18:46.212root 11241100x80000000000000004277644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d37d79fc3f8fb92022-01-04 14:18:46.212root 11241100x80000000000000004277645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a1a6377d89424e2022-01-04 14:18:46.212root 11241100x80000000000000004277646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f69304f1ceb476b2022-01-04 14:18:46.710root 11241100x80000000000000004277647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaff636f189ed93f2022-01-04 14:18:46.710root 11241100x80000000000000004277648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9232a420f50e52472022-01-04 14:18:46.710root 11241100x80000000000000004277649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e830b3c435ff01f02022-01-04 14:18:46.710root 11241100x80000000000000004277650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ab98f8e28ecb062022-01-04 14:18:46.710root 11241100x80000000000000004277651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dbbccd31bcca1b2022-01-04 14:18:46.710root 11241100x80000000000000004277652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca7e7efcf03ff8f2022-01-04 14:18:46.710root 11241100x80000000000000004277653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209d66c276c361c52022-01-04 14:18:46.711root 11241100x80000000000000004277654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62ee4c42ca7f5e52022-01-04 14:18:46.711root 11241100x80000000000000004277655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814fdcd12a9c6a82022-01-04 14:18:46.711root 11241100x80000000000000004277656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807ed90360ede3062022-01-04 14:18:46.711root 11241100x80000000000000004277657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc2ade0beb25f92022-01-04 14:18:46.711root 11241100x80000000000000004277658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96a1e135d6cc09e2022-01-04 14:18:46.711root 11241100x80000000000000004277659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d431b00a2b4f4f862022-01-04 14:18:46.711root 11241100x80000000000000004277660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1625d4457615966b2022-01-04 14:18:46.711root 11241100x80000000000000004277661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46be39500c8df0dd2022-01-04 14:18:46.711root 11241100x80000000000000004277662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb764835ec65ce5d2022-01-04 14:18:46.711root 11241100x80000000000000004277663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1c9b6aa1272c762022-01-04 14:18:46.711root 11241100x80000000000000004277664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5d23ca421a776a2022-01-04 14:18:46.711root 11241100x80000000000000004277665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f75786f1904d242022-01-04 14:18:46.712root 11241100x80000000000000004277666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb1daa91976fe42022-01-04 14:18:46.712root 11241100x80000000000000004277667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7d44970748cb6b2022-01-04 14:18:46.712root 11241100x80000000000000004277668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e182b6259889b0b2022-01-04 14:18:46.712root 11241100x80000000000000004277669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44f32db96c390502022-01-04 14:18:46.712root 11241100x80000000000000004277670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c98a4cdd45ec622022-01-04 14:18:46.712root 11241100x80000000000000004277671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1d14379d92bb052022-01-04 14:18:46.712root 11241100x80000000000000004277672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:46.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f11dcfdc7bb3852022-01-04 14:18:46.712root 354300x80000000000000004277673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.111{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41510-false10.0.1.12-8000- 11241100x80000000000000004277674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c462eed1443367fd2022-01-04 14:18:47.112root 11241100x80000000000000004277675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8816f4ec609fbbe42022-01-04 14:18:47.112root 11241100x80000000000000004277676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55deb8d78c1093a02022-01-04 14:18:47.112root 11241100x80000000000000004277677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d53fd83630c20672022-01-04 14:18:47.112root 11241100x80000000000000004277678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3b6429b31304572022-01-04 14:18:47.112root 11241100x80000000000000004277679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.112{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5b0fb11f752f702022-01-04 14:18:47.112root 11241100x80000000000000004277680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d561b3d1231b9bc72022-01-04 14:18:47.113root 11241100x80000000000000004277681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ee2dca2c79ee332022-01-04 14:18:47.113root 11241100x80000000000000004277682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734ceddb7bcd079f2022-01-04 14:18:47.113root 11241100x80000000000000004277683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242c0c5972a78a3c2022-01-04 14:18:47.113root 11241100x80000000000000004277684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f7d9621ceb7ffb2022-01-04 14:18:47.113root 11241100x80000000000000004277685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f89f517f4669122022-01-04 14:18:47.113root 11241100x80000000000000004277686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b5b3e4fb5e7e232022-01-04 14:18:47.113root 11241100x80000000000000004277687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc68aa9b126b00c52022-01-04 14:18:47.114root 11241100x80000000000000004277688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca98c0029cb6cf82022-01-04 14:18:47.114root 11241100x80000000000000004277689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b983887da6c10d7d2022-01-04 14:18:47.114root 11241100x80000000000000004277690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b92dc0dda5fd8b2022-01-04 14:18:47.114root 11241100x80000000000000004277691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953a961d695a1e542022-01-04 14:18:47.114root 11241100x80000000000000004277692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dd34898543b3d72022-01-04 14:18:47.114root 11241100x80000000000000004277693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e7658d74587912022-01-04 14:18:47.114root 11241100x80000000000000004277694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd0b222c51c0dd22022-01-04 14:18:47.114root 11241100x80000000000000004277695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2efce840406f4b2022-01-04 14:18:47.114root 11241100x80000000000000004277696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d5c719fc3e13852022-01-04 14:18:47.115root 11241100x80000000000000004277697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1f1792101f26d52022-01-04 14:18:47.115root 11241100x80000000000000004277698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3797b04df8b5de052022-01-04 14:18:47.115root 11241100x80000000000000004277699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa76c187c6d196f2022-01-04 14:18:47.115root 11241100x80000000000000004277700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bfabddce7919412022-01-04 14:18:47.115root 11241100x80000000000000004277701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0147ce0d677fe32022-01-04 14:18:47.115root 11241100x80000000000000004277702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00db70d40c0807572022-01-04 14:18:47.115root 11241100x80000000000000004277703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc0871be299c4d2022-01-04 14:18:47.115root 11241100x80000000000000004277704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fac3ccbb284711c2022-01-04 14:18:47.116root 11241100x80000000000000004277705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecafc4e8f771e7f2022-01-04 14:18:47.116root 11241100x80000000000000004277706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512170162ff784fe2022-01-04 14:18:47.116root 11241100x80000000000000004277707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d6cbf7ac62d23f2022-01-04 14:18:47.116root 11241100x80000000000000004277708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e67b07e17d6a2f2022-01-04 14:18:47.459root 11241100x80000000000000004277709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f45b8d996c567282022-01-04 14:18:47.459root 11241100x80000000000000004277710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de1b4f54e51ca592022-01-04 14:18:47.460root 11241100x80000000000000004277711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c7f856a00d92132022-01-04 14:18:47.460root 11241100x80000000000000004277712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb675bf4ebd7e772022-01-04 14:18:47.460root 11241100x80000000000000004277713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8873a01fa7182d6a2022-01-04 14:18:47.460root 11241100x80000000000000004277714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d9c86b7b4ec3692022-01-04 14:18:47.460root 11241100x80000000000000004277715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c982d881e5a86b9f2022-01-04 14:18:47.461root 11241100x80000000000000004277716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2349b7c953ec272022-01-04 14:18:47.461root 11241100x80000000000000004277717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3786b760c83416c2022-01-04 14:18:47.461root 11241100x80000000000000004277718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5209ce2261b37252022-01-04 14:18:47.461root 11241100x80000000000000004277719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482c97d30ca498df2022-01-04 14:18:47.461root 11241100x80000000000000004277720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7323f25db77dd50a2022-01-04 14:18:47.462root 11241100x80000000000000004277721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a310f23e524d5a2022-01-04 14:18:47.462root 11241100x80000000000000004277722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567f6e1e9ad30c162022-01-04 14:18:47.462root 11241100x80000000000000004277723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f8143e1a15d8032022-01-04 14:18:47.462root 11241100x80000000000000004277724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99059997df6632f32022-01-04 14:18:47.462root 11241100x80000000000000004277725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fef51c176c31752022-01-04 14:18:47.462root 11241100x80000000000000004277726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fcd3a1bae503722022-01-04 14:18:47.463root 11241100x80000000000000004277727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c24a144d5eb9972022-01-04 14:18:47.463root 11241100x80000000000000004277728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe40f3662c377982022-01-04 14:18:47.463root 11241100x80000000000000004277729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809f7bb8065545e72022-01-04 14:18:47.463root 11241100x80000000000000004277730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5998b08b0ceca92022-01-04 14:18:47.463root 11241100x80000000000000004277731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c17c6d7829aec62022-01-04 14:18:47.463root 11241100x80000000000000004277732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b243f345cc7e9152022-01-04 14:18:47.463root 11241100x80000000000000004277733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5137f78c6d01622022-01-04 14:18:47.464root 11241100x80000000000000004277734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a83f569498d61f2022-01-04 14:18:47.464root 11241100x80000000000000004277735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c986156f825622022-01-04 14:18:47.464root 11241100x80000000000000004277736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5e8d03c3db71f2022-01-04 14:18:47.464root 11241100x80000000000000004277737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2be885bda7ba632022-01-04 14:18:47.464root 11241100x80000000000000004277738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3aaf360d431b2bd2022-01-04 14:18:47.464root 11241100x80000000000000004277739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7be01bcbb2dddc42022-01-04 14:18:47.464root 11241100x80000000000000004277740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2ef0ba2c5ccb7b2022-01-04 14:18:47.959root 11241100x80000000000000004277741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c76353ea4bc072c2022-01-04 14:18:47.959root 11241100x80000000000000004277742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb15fb369f12e42022-01-04 14:18:47.960root 11241100x80000000000000004277743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f007681907222b2022-01-04 14:18:47.960root 11241100x80000000000000004277744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104dbd36cbcb20e92022-01-04 14:18:47.960root 11241100x80000000000000004277745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db76a9651a90fab72022-01-04 14:18:47.960root 11241100x80000000000000004277746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b968aed54d77ff2022-01-04 14:18:47.961root 11241100x80000000000000004277747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ada3706c3bc39e2022-01-04 14:18:47.961root 11241100x80000000000000004277748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1acfc7b2bd6bbe12022-01-04 14:18:47.961root 11241100x80000000000000004277749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2356cc94ddb12e72022-01-04 14:18:47.961root 11241100x80000000000000004277750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d58f0b24f55d922022-01-04 14:18:47.961root 11241100x80000000000000004277751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9225c2375c17922022-01-04 14:18:47.961root 11241100x80000000000000004277752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d23e215fc93de2022-01-04 14:18:47.961root 11241100x80000000000000004277753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60085fd91c22f5f52022-01-04 14:18:47.961root 11241100x80000000000000004277754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e823230f5f5aaca62022-01-04 14:18:47.962root 11241100x80000000000000004277755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ba842b2ec06e202022-01-04 14:18:47.962root 11241100x80000000000000004277756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235e6d318b2e21512022-01-04 14:18:47.962root 11241100x80000000000000004277757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103efee281701be22022-01-04 14:18:47.962root 11241100x80000000000000004277758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8932e029e4d1762022-01-04 14:18:47.962root 11241100x80000000000000004277759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3206ece7f01bdf332022-01-04 14:18:47.962root 11241100x80000000000000004277760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec9488a0a8db4b42022-01-04 14:18:47.963root 11241100x80000000000000004277761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b0f5ed82a362042022-01-04 14:18:47.963root 11241100x80000000000000004277762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d922adebbc5726bd2022-01-04 14:18:47.963root 11241100x80000000000000004277763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd5d6afcf437b9e2022-01-04 14:18:47.963root 11241100x80000000000000004277764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143ddc8c5c8db99d2022-01-04 14:18:47.963root 11241100x80000000000000004277765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a3bb68dc259322022-01-04 14:18:47.963root 11241100x80000000000000004277766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a200714b203da80c2022-01-04 14:18:47.964root 11241100x80000000000000004277767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96925f8799eddda22022-01-04 14:18:47.964root 11241100x80000000000000004277768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44616e22bbab06b22022-01-04 14:18:47.964root 11241100x80000000000000004277769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2e833e3ec7bffe2022-01-04 14:18:48.459root 11241100x80000000000000004277770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b747d13251da192022-01-04 14:18:48.460root 11241100x80000000000000004277771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8ecd83738afcff2022-01-04 14:18:48.460root 11241100x80000000000000004277772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711a9b7b58fd88622022-01-04 14:18:48.460root 11241100x80000000000000004277773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a4ee6d299fe0a02022-01-04 14:18:48.460root 11241100x80000000000000004277774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56887219f3ebe2432022-01-04 14:18:48.461root 11241100x80000000000000004277775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a853a0396d274c32022-01-04 14:18:48.461root 11241100x80000000000000004277776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b4c4d5d090590a2022-01-04 14:18:48.461root 11241100x80000000000000004277777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a38eaaf0d7ecff2022-01-04 14:18:48.461root 11241100x80000000000000004277778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5db9aa82549e6c2022-01-04 14:18:48.461root 11241100x80000000000000004277779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e937c4417f2b2bb2022-01-04 14:18:48.461root 11241100x80000000000000004277780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c953575bc4b84742022-01-04 14:18:48.461root 11241100x80000000000000004277781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c03beca173ec362022-01-04 14:18:48.461root 11241100x80000000000000004277782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9c23c7f62554492022-01-04 14:18:48.461root 11241100x80000000000000004277783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f058a11127c5c62022-01-04 14:18:48.461root 11241100x80000000000000004277784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4526c2c231d8d9722022-01-04 14:18:48.461root 11241100x80000000000000004277785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d344e34a36d72a4e2022-01-04 14:18:48.461root 11241100x80000000000000004277786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80b014794c995832022-01-04 14:18:48.461root 11241100x80000000000000004277787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a096a627c44b392022-01-04 14:18:48.462root 11241100x80000000000000004277788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e367f5f4263942022-01-04 14:18:48.462root 11241100x80000000000000004277789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900855004efd491a2022-01-04 14:18:48.462root 11241100x80000000000000004277790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f420fc0dd65a8bf2022-01-04 14:18:48.462root 11241100x80000000000000004277791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09925c7adf5a1af2022-01-04 14:18:48.462root 11241100x80000000000000004277792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189140ff241c846a2022-01-04 14:18:48.462root 11241100x80000000000000004277793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f445286d3c4275182022-01-04 14:18:48.462root 11241100x80000000000000004277794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4da553bce296e022022-01-04 14:18:48.462root 11241100x80000000000000004277795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d9c55f30921a882022-01-04 14:18:48.462root 11241100x80000000000000004277796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71137634bf125462022-01-04 14:18:48.462root 11241100x80000000000000004277797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2883d5ecd6870f2022-01-04 14:18:48.462root 11241100x80000000000000004277798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d467120aae70882022-01-04 14:18:48.462root 11241100x80000000000000004277799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df49b5f6f0af10a2022-01-04 14:18:48.960root 11241100x80000000000000004277800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdf12a1129c6f112022-01-04 14:18:48.960root 11241100x80000000000000004277801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25b28a7a1fdb3d2022-01-04 14:18:48.960root 11241100x80000000000000004277802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9678e5610537db7a2022-01-04 14:18:48.960root 11241100x80000000000000004277803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d8c10f9af796fd2022-01-04 14:18:48.960root 11241100x80000000000000004277804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e2b619aaeba3152022-01-04 14:18:48.960root 11241100x80000000000000004277805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ee7611d466366e2022-01-04 14:18:48.960root 11241100x80000000000000004277806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5f7e3f47d484c2022-01-04 14:18:48.961root 11241100x80000000000000004277807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae80dd593c8361bc2022-01-04 14:18:48.961root 11241100x80000000000000004277808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd91d620a6a0672b2022-01-04 14:18:48.961root 11241100x80000000000000004277809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445cfa4c8dfe22b32022-01-04 14:18:48.961root 11241100x80000000000000004277810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a736ed073e987c82022-01-04 14:18:48.961root 11241100x80000000000000004277811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f72cf4e307c6272022-01-04 14:18:48.961root 11241100x80000000000000004277812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9df35eef48f8fd2022-01-04 14:18:48.961root 11241100x80000000000000004277813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab2583260785f762022-01-04 14:18:48.961root 11241100x80000000000000004277814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4ee72145e9c7652022-01-04 14:18:48.961root 11241100x80000000000000004277815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ed9d89fdef96e2022-01-04 14:18:48.961root 11241100x80000000000000004277816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ac346a1862bb002022-01-04 14:18:48.961root 11241100x80000000000000004277817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99c825f6f887e892022-01-04 14:18:48.961root 11241100x80000000000000004277818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab1c438c39db2ee2022-01-04 14:18:48.961root 11241100x80000000000000004277819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d14cd2543a87352022-01-04 14:18:48.961root 11241100x80000000000000004277820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e038a89e1aacb8a22022-01-04 14:18:48.961root 11241100x80000000000000004277821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ebf026b2ced0472022-01-04 14:18:48.962root 11241100x80000000000000004277822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a537cc198a28c522022-01-04 14:18:48.962root 11241100x80000000000000004277823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d33de7b50d8f4cd2022-01-04 14:18:48.962root 11241100x80000000000000004277824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f349117af1f5722022-01-04 14:18:48.962root 11241100x80000000000000004277825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9296d1272dbf856a2022-01-04 14:18:48.962root 11241100x80000000000000004277826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bff850ccaea13a2022-01-04 14:18:48.962root 11241100x80000000000000004277827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3bf80c3f6365be2022-01-04 14:18:49.459root 11241100x80000000000000004277828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3d144371bbd5942022-01-04 14:18:49.459root 11241100x80000000000000004277829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f97986a090dce32022-01-04 14:18:49.459root 11241100x80000000000000004277830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c86e315980b6b32022-01-04 14:18:49.459root 11241100x80000000000000004277831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95fc8a4094217ae2022-01-04 14:18:49.460root 11241100x80000000000000004277832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c37d470c3cb5ee2022-01-04 14:18:49.460root 11241100x80000000000000004277833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9982cb22fc483f0a2022-01-04 14:18:49.460root 11241100x80000000000000004277834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9668a52164156a8b2022-01-04 14:18:49.460root 11241100x80000000000000004277835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b96af72ffb65252022-01-04 14:18:49.460root 11241100x80000000000000004277836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e70d3f8d5b8f9d2022-01-04 14:18:49.460root 11241100x80000000000000004277837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4281e93bbb1e2a9e2022-01-04 14:18:49.460root 11241100x80000000000000004277838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ec925dc8208ce22022-01-04 14:18:49.460root 11241100x80000000000000004277839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608619fa633417eb2022-01-04 14:18:49.460root 11241100x80000000000000004277840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a2fa60ebd1df372022-01-04 14:18:49.460root 11241100x80000000000000004277841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3531174c946213c32022-01-04 14:18:49.461root 11241100x80000000000000004277842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ab44ac2b58a90b2022-01-04 14:18:49.461root 11241100x80000000000000004277843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17540e9ef76a96e2022-01-04 14:18:49.461root 11241100x80000000000000004277844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b234e82d97c89f2022-01-04 14:18:49.461root 11241100x80000000000000004277845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9548335f7fb076922022-01-04 14:18:49.461root 11241100x80000000000000004277846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed94107066cdfe92022-01-04 14:18:49.461root 11241100x80000000000000004277847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75e0151faff01432022-01-04 14:18:49.461root 11241100x80000000000000004277848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b2008b3a172c912022-01-04 14:18:49.461root 11241100x80000000000000004277849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0456292ce099d02022-01-04 14:18:49.461root 11241100x80000000000000004277850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a7a5d7c070a0bb2022-01-04 14:18:49.461root 11241100x80000000000000004277851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b072fdb19a3b0f2022-01-04 14:18:49.462root 11241100x80000000000000004277852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c612a8582240182022-01-04 14:18:49.462root 11241100x80000000000000004277853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb92d12a631c62912022-01-04 14:18:49.462root 11241100x80000000000000004277854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1914d1df77943422022-01-04 14:18:49.462root 11241100x80000000000000004277855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a200abcfff0101652022-01-04 14:18:49.462root 11241100x80000000000000004277856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4680cb87e08d502022-01-04 14:18:49.462root 11241100x80000000000000004277857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7966e016d2278c2022-01-04 14:18:49.959root 11241100x80000000000000004277858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ef7b61c5f560ce2022-01-04 14:18:49.959root 11241100x80000000000000004277859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdcad81746eabcc2022-01-04 14:18:49.959root 11241100x80000000000000004277860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a3b39cfe2261d72022-01-04 14:18:49.959root 11241100x80000000000000004277861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652d1491946f19c42022-01-04 14:18:49.959root 11241100x80000000000000004277862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea720baa2fa8dd912022-01-04 14:18:49.960root 11241100x80000000000000004277863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7689dd2b8fb2932022-01-04 14:18:49.960root 11241100x80000000000000004277864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb9204947a89c4a2022-01-04 14:18:49.960root 11241100x80000000000000004277865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8d5048eadf6ace2022-01-04 14:18:49.960root 11241100x80000000000000004277866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c428ce2b95926932022-01-04 14:18:49.960root 11241100x80000000000000004277867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f64d12664aea802022-01-04 14:18:49.960root 11241100x80000000000000004277868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e984e62bbf4129a42022-01-04 14:18:49.960root 11241100x80000000000000004277869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a7850660102b772022-01-04 14:18:49.960root 11241100x80000000000000004277870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d0278e44104d672022-01-04 14:18:49.960root 11241100x80000000000000004277871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a0212fc0b7ad3a2022-01-04 14:18:49.961root 11241100x80000000000000004277872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c341990957deaf9c2022-01-04 14:18:49.961root 11241100x80000000000000004277873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c908984875f7f9612022-01-04 14:18:49.961root 11241100x80000000000000004277874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a9df53860af2762022-01-04 14:18:49.961root 11241100x80000000000000004277875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c029b49c9e325aaf2022-01-04 14:18:49.961root 11241100x80000000000000004277876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3d0f76919414362022-01-04 14:18:49.961root 11241100x80000000000000004277877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6ebf6ed8f597862022-01-04 14:18:49.961root 11241100x80000000000000004277878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd80bfba04640f2022-01-04 14:18:49.961root 11241100x80000000000000004277879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50df8c9cd237d042022-01-04 14:18:49.961root 11241100x80000000000000004277880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad699505fa0b7132022-01-04 14:18:49.961root 11241100x80000000000000004277881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e10ed7b842a35b2022-01-04 14:18:49.962root 11241100x80000000000000004277882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363404da5b0bc5052022-01-04 14:18:49.962root 11241100x80000000000000004277883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895f7bedf2fadca62022-01-04 14:18:49.962root 11241100x80000000000000004277884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5775477718c2eb6e2022-01-04 14:18:49.962root 11241100x80000000000000004277885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d8fc8da249184a2022-01-04 14:18:49.962root 11241100x80000000000000004277886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea67453c7db8de72022-01-04 14:18:49.962root 11241100x80000000000000004277887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7382542c401d95cc2022-01-04 14:18:49.962root 11241100x80000000000000004277888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a24611abee0bff2022-01-04 14:18:49.962root 11241100x80000000000000004277889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfbae1eea39dd572022-01-04 14:18:49.962root 11241100x80000000000000004277890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb0de72bac1fe602022-01-04 14:18:49.963root 11241100x80000000000000004277891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735926cca37132c02022-01-04 14:18:50.459root 11241100x80000000000000004277892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ecdff7b5a830a72022-01-04 14:18:50.460root 11241100x80000000000000004277893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1229ee27e6a80dc52022-01-04 14:18:50.460root 11241100x80000000000000004277894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad25e6f00a55ad9e2022-01-04 14:18:50.460root 11241100x80000000000000004277895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad546881870a252022-01-04 14:18:50.460root 11241100x80000000000000004277896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8629cedfaee7ce2022-01-04 14:18:50.460root 11241100x80000000000000004277897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1da426d903a0be52022-01-04 14:18:50.460root 11241100x80000000000000004277898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc0e4eb37dbddd02022-01-04 14:18:50.460root 11241100x80000000000000004277899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fbf4c3849009252022-01-04 14:18:50.460root 11241100x80000000000000004277900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f820cccd79c3e1992022-01-04 14:18:50.461root 11241100x80000000000000004277901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6c6785d14bb6cd2022-01-04 14:18:50.461root 11241100x80000000000000004277902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c7f45fa89e12832022-01-04 14:18:50.461root 11241100x80000000000000004277903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5455c0abe9a3512022-01-04 14:18:50.461root 11241100x80000000000000004277904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2ea622e18b8f032022-01-04 14:18:50.461root 11241100x80000000000000004277905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71be47717cf59542022-01-04 14:18:50.461root 11241100x80000000000000004277906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1c4c30f5e362d42022-01-04 14:18:50.461root 11241100x80000000000000004277907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ccbbcadd8be2582022-01-04 14:18:50.462root 11241100x80000000000000004277908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e2c2bd8c428c3a2022-01-04 14:18:50.462root 11241100x80000000000000004277909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91ac4fd40b97e702022-01-04 14:18:50.462root 11241100x80000000000000004277910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0859e967c3de6d2022-01-04 14:18:50.462root 11241100x80000000000000004277911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25e902ba33c87672022-01-04 14:18:50.462root 11241100x80000000000000004277912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80e604869970c532022-01-04 14:18:50.462root 11241100x80000000000000004277913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a4387308b270312022-01-04 14:18:50.462root 11241100x80000000000000004277914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e51df2abc0bd53e2022-01-04 14:18:50.462root 11241100x80000000000000004277915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddb9c5b68b9af652022-01-04 14:18:50.462root 11241100x80000000000000004277916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f627cfecabf431ea2022-01-04 14:18:50.462root 11241100x80000000000000004277917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f541f25b3b6d0312022-01-04 14:18:50.462root 11241100x80000000000000004277918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d9a6d30ea433da2022-01-04 14:18:50.462root 11241100x80000000000000004277919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f9627af1fdcf472022-01-04 14:18:50.463root 11241100x80000000000000004277920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12336514c778600f2022-01-04 14:18:50.959root 11241100x80000000000000004277921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795c09c57c7ca8f62022-01-04 14:18:50.960root 11241100x80000000000000004277922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f8c931060558ee2022-01-04 14:18:50.960root 11241100x80000000000000004277923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6b10a00d6ae3142022-01-04 14:18:50.960root 11241100x80000000000000004277924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b68984ef08c5872022-01-04 14:18:50.960root 11241100x80000000000000004277925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4e182ce90fc1b72022-01-04 14:18:50.960root 11241100x80000000000000004277926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b6dcd8ece461fc2022-01-04 14:18:50.960root 11241100x80000000000000004277927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95df78525dc7c9072022-01-04 14:18:50.960root 11241100x80000000000000004277928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea77de4f7b0eed1d2022-01-04 14:18:50.960root 11241100x80000000000000004277929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db59f449e9fc542e2022-01-04 14:18:50.960root 11241100x80000000000000004277930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55008bce1d8382152022-01-04 14:18:50.960root 11241100x80000000000000004277931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03622eadc5538ee42022-01-04 14:18:50.961root 11241100x80000000000000004277932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8161c513a51d211a2022-01-04 14:18:50.961root 11241100x80000000000000004277933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01dc4855d738de62022-01-04 14:18:50.961root 11241100x80000000000000004277934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b4e70c6c91132f2022-01-04 14:18:50.961root 11241100x80000000000000004277935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30407c8afde53f02022-01-04 14:18:50.961root 11241100x80000000000000004277936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bccf92b9c6d0b962022-01-04 14:18:50.961root 11241100x80000000000000004277937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab7a27b3714fad52022-01-04 14:18:50.961root 11241100x80000000000000004277938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb32cf5a7756b992022-01-04 14:18:50.961root 11241100x80000000000000004277939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fba44180ff4974a2022-01-04 14:18:50.961root 11241100x80000000000000004277940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6072090b70fb142022-01-04 14:18:50.961root 11241100x80000000000000004277941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b36e0f782bd5f1a2022-01-04 14:18:50.961root 11241100x80000000000000004277942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80803154006c401d2022-01-04 14:18:50.961root 11241100x80000000000000004277943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac998fbe8895c42022-01-04 14:18:50.962root 11241100x80000000000000004277944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ad667e597dc2802022-01-04 14:18:50.962root 11241100x80000000000000004277945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef0abcf4b55963b2022-01-04 14:18:50.962root 11241100x80000000000000004277946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75479be42db8e3d22022-01-04 14:18:50.962root 11241100x80000000000000004277947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae3ad28dbb9f1472022-01-04 14:18:50.962root 11241100x80000000000000004277948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0bb01711a60ee82022-01-04 14:18:50.962root 11241100x80000000000000004277949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eba0a45c947ef3f2022-01-04 14:18:51.459root 11241100x80000000000000004277950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f05ef62323bd3df2022-01-04 14:18:51.459root 11241100x80000000000000004277951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13162f47dd02789b2022-01-04 14:18:51.459root 11241100x80000000000000004277952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b468e5e7525e392022-01-04 14:18:51.459root 11241100x80000000000000004277953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edca53278658c5c2022-01-04 14:18:51.459root 11241100x80000000000000004277954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbdd3de4850973e2022-01-04 14:18:51.459root 11241100x80000000000000004277955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37011357f510f8ea2022-01-04 14:18:51.460root 11241100x80000000000000004277956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846d2210d615d01d2022-01-04 14:18:51.460root 11241100x80000000000000004277957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6090f9aebae62b2022-01-04 14:18:51.460root 11241100x80000000000000004277958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9052c1d27d221552022-01-04 14:18:51.460root 11241100x80000000000000004277959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9b844427912ed02022-01-04 14:18:51.460root 11241100x80000000000000004277960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601b2937d09d78e52022-01-04 14:18:51.460root 11241100x80000000000000004277961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b78096be75933452022-01-04 14:18:51.460root 11241100x80000000000000004277962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae6e9582826b5ba2022-01-04 14:18:51.460root 11241100x80000000000000004277963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f81eeba85ca2e2c2022-01-04 14:18:51.460root 11241100x80000000000000004277964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe06e908a5131842022-01-04 14:18:51.460root 11241100x80000000000000004277965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee474859f35517422022-01-04 14:18:51.460root 11241100x80000000000000004277966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84eb5fc01803b1c2022-01-04 14:18:51.460root 11241100x80000000000000004277967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d60ecf180959332022-01-04 14:18:51.461root 11241100x80000000000000004277968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e364a5c4c83bfef32022-01-04 14:18:51.461root 11241100x80000000000000004277969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06188435fbfef8b22022-01-04 14:18:51.461root 11241100x80000000000000004277970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ac5951a65b5cc82022-01-04 14:18:51.461root 11241100x80000000000000004277971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5222ac3fa416e9352022-01-04 14:18:51.461root 11241100x80000000000000004277972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa891f1456efd98d2022-01-04 14:18:51.461root 11241100x80000000000000004277973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c93ae3e1f79bb552022-01-04 14:18:51.461root 11241100x80000000000000004277974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfe063b89c390752022-01-04 14:18:51.461root 11241100x80000000000000004277975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7703c25707bf00e82022-01-04 14:18:51.461root 11241100x80000000000000004277976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce48556404ed0ed32022-01-04 14:18:51.461root 11241100x80000000000000004277977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7292c36b9343baa52022-01-04 14:18:51.461root 11241100x80000000000000004277978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29fe035ac8ec89c2022-01-04 14:18:51.461root 11241100x80000000000000004277979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7e5563356eeb532022-01-04 14:18:51.461root 11241100x80000000000000004277980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c88daed3d4a60f2022-01-04 14:18:51.462root 11241100x80000000000000004277981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63143f26d2b59f092022-01-04 14:18:51.462root 11241100x80000000000000004277982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23429991ffecb13b2022-01-04 14:18:51.960root 11241100x80000000000000004277983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817bad26ec0462952022-01-04 14:18:51.960root 11241100x80000000000000004277984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ac68e7144af8092022-01-04 14:18:51.960root 11241100x80000000000000004277985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8addc8e3c4a8f3e82022-01-04 14:18:51.960root 11241100x80000000000000004277986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e153df231a38ae2022-01-04 14:18:51.960root 11241100x80000000000000004277987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c26d052a721f3072022-01-04 14:18:51.960root 11241100x80000000000000004277988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6528d8f3d9c8d4f42022-01-04 14:18:51.960root 11241100x80000000000000004277989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a4d6692da4f3d42022-01-04 14:18:51.960root 11241100x80000000000000004277990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3086e6de69cddcd2022-01-04 14:18:51.961root 11241100x80000000000000004277991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80f8776d23318532022-01-04 14:18:51.961root 11241100x80000000000000004277992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2a3e8a8e8c0e172022-01-04 14:18:51.961root 11241100x80000000000000004277993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d0846b1771f4442022-01-04 14:18:51.961root 11241100x80000000000000004277994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658b74501d44d42a2022-01-04 14:18:51.961root 11241100x80000000000000004277995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f756c54920485f2022-01-04 14:18:51.961root 11241100x80000000000000004277996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd09b0a02289e5382022-01-04 14:18:51.961root 11241100x80000000000000004277997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945384613a6cfc6e2022-01-04 14:18:51.961root 11241100x80000000000000004277998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb96ac3d1c4a85c2022-01-04 14:18:51.961root 11241100x80000000000000004277999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c621a28d5c10ef052022-01-04 14:18:51.961root 11241100x80000000000000004278000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90bb3f18824c8982022-01-04 14:18:51.961root 11241100x80000000000000004278001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9bd25c564778c72022-01-04 14:18:51.962root 11241100x80000000000000004278002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e98635e18c240f52022-01-04 14:18:51.962root 11241100x80000000000000004278003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88157e567cb58162022-01-04 14:18:51.962root 11241100x80000000000000004278004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f62be88f554d282022-01-04 14:18:51.962root 11241100x80000000000000004278005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630de95a37bd694d2022-01-04 14:18:51.962root 11241100x80000000000000004278006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6331ec41ad1f95dd2022-01-04 14:18:51.962root 11241100x80000000000000004278007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c013231ab17575d2022-01-04 14:18:51.962root 11241100x80000000000000004278008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d512f85c279309e62022-01-04 14:18:51.962root 11241100x80000000000000004278009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d440770c6776362022-01-04 14:18:51.962root 354300x80000000000000004278010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.136{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41512-false10.0.1.12-8000- 11241100x80000000000000004278011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369622f542b131ac2022-01-04 14:18:52.459root 11241100x80000000000000004278012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43c2665d04935fd2022-01-04 14:18:52.460root 11241100x80000000000000004278013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e1b47d7bfbed792022-01-04 14:18:52.460root 11241100x80000000000000004278014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76661012a556ee4b2022-01-04 14:18:52.460root 11241100x80000000000000004278015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452349110db57ca52022-01-04 14:18:52.460root 11241100x80000000000000004278016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab710ade2eb193692022-01-04 14:18:52.461root 11241100x80000000000000004278017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92638e27adc23c812022-01-04 14:18:52.461root 11241100x80000000000000004278018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889750e2371f03fa2022-01-04 14:18:52.461root 11241100x80000000000000004278019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00dec68e872e4ab2022-01-04 14:18:52.461root 11241100x80000000000000004278020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610f3b3857626d672022-01-04 14:18:52.461root 11241100x80000000000000004278021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd97a66660d7e02022-01-04 14:18:52.461root 11241100x80000000000000004278022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd917fb6a765d2d2022-01-04 14:18:52.462root 11241100x80000000000000004278023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578a3c3a6f7261eb2022-01-04 14:18:52.462root 11241100x80000000000000004278024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bd544b1ee58e722022-01-04 14:18:52.462root 11241100x80000000000000004278025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13812eaa3a4abbdd2022-01-04 14:18:52.462root 11241100x80000000000000004278026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001db6cbebb59d5e2022-01-04 14:18:52.462root 11241100x80000000000000004278027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d239329964ddd32022-01-04 14:18:52.462root 11241100x80000000000000004278028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f968c42792ecb3972022-01-04 14:18:52.462root 11241100x80000000000000004278029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b433d75063bd3f732022-01-04 14:18:52.462root 11241100x80000000000000004278030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21d10195107f91b2022-01-04 14:18:52.462root 11241100x80000000000000004278031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db182d97b8eecdd42022-01-04 14:18:52.462root 11241100x80000000000000004278032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e81d1f1bd817542022-01-04 14:18:52.462root 11241100x80000000000000004278033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175849150c07ed792022-01-04 14:18:52.462root 11241100x80000000000000004278034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49459cd8ec2baee82022-01-04 14:18:52.462root 11241100x80000000000000004278035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c660696a408eb12022-01-04 14:18:52.462root 11241100x80000000000000004278036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b606dbfbd456162022-01-04 14:18:52.462root 11241100x80000000000000004278037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe5e69a4ec767672022-01-04 14:18:52.463root 11241100x80000000000000004278038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7693c504c40b8c3d2022-01-04 14:18:52.463root 11241100x80000000000000004278039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0865e6db2be8098f2022-01-04 14:18:52.463root 11241100x80000000000000004278040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d3cbc1c32249622022-01-04 14:18:52.959root 11241100x80000000000000004278041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8af7e7703655612022-01-04 14:18:52.960root 11241100x80000000000000004278042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ba9f502203fa142022-01-04 14:18:52.960root 11241100x80000000000000004278043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6977d41e3fd562012022-01-04 14:18:52.960root 11241100x80000000000000004278044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae5e54aedd562112022-01-04 14:18:52.960root 11241100x80000000000000004278045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9588b1cd830b44f62022-01-04 14:18:52.960root 11241100x80000000000000004278046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05db43447e41fcd82022-01-04 14:18:52.961root 11241100x80000000000000004278047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db33c5b11636e9692022-01-04 14:18:52.961root 11241100x80000000000000004278048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4818fc4fd9daa4cf2022-01-04 14:18:52.961root 11241100x80000000000000004278049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a272a9460d187c2022-01-04 14:18:52.961root 11241100x80000000000000004278050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8ba84b51191dc32022-01-04 14:18:52.961root 11241100x80000000000000004278051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2d4cc7efd3d6322022-01-04 14:18:52.961root 11241100x80000000000000004278052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b608ed8f9bf73b252022-01-04 14:18:52.962root 11241100x80000000000000004278053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45f2ddc0a0e7f0f2022-01-04 14:18:52.962root 11241100x80000000000000004278054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff0aea233f32ddd2022-01-04 14:18:52.962root 11241100x80000000000000004278055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8b91f478f535912022-01-04 14:18:52.962root 11241100x80000000000000004278056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085dbf04288c83772022-01-04 14:18:52.962root 11241100x80000000000000004278057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ca754bea3b0a912022-01-04 14:18:52.962root 11241100x80000000000000004278058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a89b6e9daac9fad2022-01-04 14:18:52.962root 11241100x80000000000000004278059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c49dc29ac57792022-01-04 14:18:52.962root 11241100x80000000000000004278060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7a237a5d7709632022-01-04 14:18:52.962root 11241100x80000000000000004278061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890af28dca4f55252022-01-04 14:18:52.963root 11241100x80000000000000004278062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2397a285cb0ce6e52022-01-04 14:18:52.963root 11241100x80000000000000004278063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4142dd259e2ebaf72022-01-04 14:18:52.963root 11241100x80000000000000004278064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60761f3963853ffd2022-01-04 14:18:52.963root 11241100x80000000000000004278065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873912e275feb3ba2022-01-04 14:18:52.963root 11241100x80000000000000004278066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a018c770b588f0b22022-01-04 14:18:52.963root 11241100x80000000000000004278067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db4f743d68d370a2022-01-04 14:18:52.963root 11241100x80000000000000004278068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e598552402c3d92022-01-04 14:18:52.963root 11241100x80000000000000004278069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd887b328419d4982022-01-04 14:18:52.963root 11241100x80000000000000004278070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7458fb4cb69c1d6d2022-01-04 14:18:53.459root 11241100x80000000000000004278071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b87401f720160d2022-01-04 14:18:53.459root 11241100x80000000000000004278072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e50a104d832ebf2022-01-04 14:18:53.459root 11241100x80000000000000004278073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a596fae19eda6c2022-01-04 14:18:53.460root 11241100x80000000000000004278074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc59961b2eecbee2022-01-04 14:18:53.460root 11241100x80000000000000004278075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5715dbd5528b0c22022-01-04 14:18:53.460root 11241100x80000000000000004278076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51dd995f00d80792022-01-04 14:18:53.460root 11241100x80000000000000004278077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a958a5dac608c5bd2022-01-04 14:18:53.460root 11241100x80000000000000004278078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a3d20831d306592022-01-04 14:18:53.460root 11241100x80000000000000004278079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d944b14d81b0fa2022-01-04 14:18:53.461root 11241100x80000000000000004278080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c3bceb0b710ca72022-01-04 14:18:53.461root 11241100x80000000000000004278081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980b53c4fb702d9c2022-01-04 14:18:53.461root 11241100x80000000000000004278082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62793f43b67972e2022-01-04 14:18:53.461root 11241100x80000000000000004278083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f34bf5b7495b4a2022-01-04 14:18:53.462root 11241100x80000000000000004278084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef4fc59f9b33a912022-01-04 14:18:53.462root 11241100x80000000000000004278085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2079bf332c419d722022-01-04 14:18:53.462root 11241100x80000000000000004278086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5022f80dd2696fa2022-01-04 14:18:53.462root 11241100x80000000000000004278087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64d9b1bc3a466192022-01-04 14:18:53.462root 11241100x80000000000000004278088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b15aaca0581d97b2022-01-04 14:18:53.462root 11241100x80000000000000004278089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53f6c55ca3826232022-01-04 14:18:53.462root 11241100x80000000000000004278090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6ffab23ade62022022-01-04 14:18:53.462root 11241100x80000000000000004278091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eb5b82f49c38512022-01-04 14:18:53.462root 11241100x80000000000000004278092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4deada8455c339e12022-01-04 14:18:53.462root 11241100x80000000000000004278093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6e788bfd4840bd2022-01-04 14:18:53.462root 11241100x80000000000000004278094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f120e6cf78dddff02022-01-04 14:18:53.462root 11241100x80000000000000004278095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f52569c6182a6472022-01-04 14:18:53.463root 11241100x80000000000000004278096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa86a46b17afb6562022-01-04 14:18:53.463root 11241100x80000000000000004278097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152a0e5438b9bec82022-01-04 14:18:53.463root 11241100x80000000000000004278098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b135d6796dcd7282022-01-04 14:18:53.463root 11241100x80000000000000004278099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8998ca076b40302b2022-01-04 14:18:53.463root 11241100x80000000000000004278100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e147f9f62aa592d2022-01-04 14:18:53.463root 11241100x80000000000000004278101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3a07e52c48454e2022-01-04 14:18:53.463root 11241100x80000000000000004278102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf1665b82ef8412022-01-04 14:18:53.463root 11241100x80000000000000004278103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfac9c4b6c3cf1172022-01-04 14:18:53.463root 11241100x80000000000000004278104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e9e6678c99cb032022-01-04 14:18:53.959root 11241100x80000000000000004278105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9bbd4d6a50aeec2022-01-04 14:18:53.959root 11241100x80000000000000004278106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c522729d7aa0e52022-01-04 14:18:53.959root 11241100x80000000000000004278107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35324ae64bd8e9232022-01-04 14:18:53.959root 11241100x80000000000000004278108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd66887ab1ca0432022-01-04 14:18:53.959root 11241100x80000000000000004278109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26730bb04788da62022-01-04 14:18:53.959root 11241100x80000000000000004278110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6281f968f0adb6972022-01-04 14:18:53.959root 11241100x80000000000000004278111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fff3c2a729b4132022-01-04 14:18:53.960root 11241100x80000000000000004278112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe3808d922ba3ff2022-01-04 14:18:53.960root 11241100x80000000000000004278113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30ed1e09229d0be2022-01-04 14:18:53.960root 11241100x80000000000000004278114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac63d7acf2e100492022-01-04 14:18:53.960root 11241100x80000000000000004278115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7753543f1021bb92022-01-04 14:18:53.960root 11241100x80000000000000004278116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27158d1aec3b0dc52022-01-04 14:18:53.960root 11241100x80000000000000004278117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2e81ead893f0e82022-01-04 14:18:53.960root 11241100x80000000000000004278118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0450bf617354db1f2022-01-04 14:18:53.960root 11241100x80000000000000004278119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cac2928b57ed292022-01-04 14:18:53.960root 11241100x80000000000000004278120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7576493457c8892022-01-04 14:18:53.960root 11241100x80000000000000004278121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccee1cc5e19f5f8d2022-01-04 14:18:53.961root 11241100x80000000000000004278122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03cd64d15633b0a2022-01-04 14:18:53.961root 11241100x80000000000000004278123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5214b1402806742022-01-04 14:18:53.961root 11241100x80000000000000004278124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f794c271baf212022-01-04 14:18:53.961root 11241100x80000000000000004278125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a497a125c7f3b44f2022-01-04 14:18:53.961root 11241100x80000000000000004278126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92700d564b1730b2022-01-04 14:18:53.961root 11241100x80000000000000004278127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7d9ec149658b462022-01-04 14:18:53.961root 11241100x80000000000000004278128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86923b40a2976d272022-01-04 14:18:53.961root 11241100x80000000000000004278129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902757ff261463882022-01-04 14:18:53.961root 11241100x80000000000000004278130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1cc57afddf1d5b2022-01-04 14:18:53.961root 11241100x80000000000000004278131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8125654ae6d27c62022-01-04 14:18:53.961root 11241100x80000000000000004278132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923e9673fcfafd5b2022-01-04 14:18:53.962root 11241100x80000000000000004278133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfc6c09233dcdc62022-01-04 14:18:53.962root 11241100x80000000000000004278134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165a2986984a22f12022-01-04 14:18:53.962root 11241100x80000000000000004278135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f73afa11485d3b32022-01-04 14:18:53.962root 11241100x80000000000000004278136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ca31df604afab92022-01-04 14:18:53.962root 11241100x80000000000000004278137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee6c116c47766d72022-01-04 14:18:53.962root 11241100x80000000000000004278138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8130f8126dfa1a2022-01-04 14:18:54.459root 11241100x80000000000000004278139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a24d3f89cbeb772022-01-04 14:18:54.459root 11241100x80000000000000004278140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f607a4d3feec9efe2022-01-04 14:18:54.460root 11241100x80000000000000004278141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4a347a5e75f5592022-01-04 14:18:54.460root 11241100x80000000000000004278142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b87e09cbace0c32022-01-04 14:18:54.460root 11241100x80000000000000004278143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9276d78df4d5da2022-01-04 14:18:54.460root 11241100x80000000000000004278144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a21675d16878db92022-01-04 14:18:54.460root 11241100x80000000000000004278145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ee53ce34602d282022-01-04 14:18:54.460root 11241100x80000000000000004278146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd64f6855e528552022-01-04 14:18:54.460root 11241100x80000000000000004278147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2e42317fa7e7902022-01-04 14:18:54.460root 11241100x80000000000000004278148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbadd92e3beb16b02022-01-04 14:18:54.460root 11241100x80000000000000004278149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949e8d4eb50287382022-01-04 14:18:54.460root 11241100x80000000000000004278150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc829e11a56248802022-01-04 14:18:54.460root 11241100x80000000000000004278151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffddc2b45f4ad8872022-01-04 14:18:54.460root 11241100x80000000000000004278152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb2b7e633be7d8f2022-01-04 14:18:54.460root 11241100x80000000000000004278153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5546cacaf72e67032022-01-04 14:18:54.460root 11241100x80000000000000004278154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbaec89d15bba3a2022-01-04 14:18:54.461root 11241100x80000000000000004278155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2471531f2222fd2022-01-04 14:18:54.461root 11241100x80000000000000004278156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a1fb1dcf96b6052022-01-04 14:18:54.461root 11241100x80000000000000004278157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8486e4f88cf14aa2022-01-04 14:18:54.461root 11241100x80000000000000004278158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b096e8a8961b04722022-01-04 14:18:54.461root 11241100x80000000000000004278159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1feba0c3d9139cf2022-01-04 14:18:54.461root 11241100x80000000000000004278160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f031bf594141e92022-01-04 14:18:54.462root 11241100x80000000000000004278161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644470f59d6ade32022-01-04 14:18:54.462root 11241100x80000000000000004278162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8ae033ab129a7d2022-01-04 14:18:54.462root 11241100x80000000000000004278163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dcc34171acf2562022-01-04 14:18:54.462root 11241100x80000000000000004278164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f363af79eb678522022-01-04 14:18:54.462root 11241100x80000000000000004278165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470e23cb01161b1f2022-01-04 14:18:54.462root 11241100x80000000000000004278166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f1629160f5169a2022-01-04 14:18:54.462root 11241100x80000000000000004278167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f95a54ee0e7ab722022-01-04 14:18:54.462root 11241100x80000000000000004278168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2430517911602da2022-01-04 14:18:54.959root 11241100x80000000000000004278169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ac28a251aac0412022-01-04 14:18:54.959root 11241100x80000000000000004278170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a754648fe3a269f62022-01-04 14:18:54.959root 11241100x80000000000000004278171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c596fdff602b72022-01-04 14:18:54.960root 11241100x80000000000000004278172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2949cc8d0f2fc2692022-01-04 14:18:54.960root 11241100x80000000000000004278173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1383420b23fb662022-01-04 14:18:54.960root 11241100x80000000000000004278174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de32a55f36d338b02022-01-04 14:18:54.960root 11241100x80000000000000004278175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e679732932f169f52022-01-04 14:18:54.960root 11241100x80000000000000004278176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f20f6cb32f3d6792022-01-04 14:18:54.960root 11241100x80000000000000004278177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12e83f89c603bc72022-01-04 14:18:54.960root 11241100x80000000000000004278178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891ad7912b46cf0e2022-01-04 14:18:54.960root 11241100x80000000000000004278179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f1b2f19a8bfbae2022-01-04 14:18:54.960root 11241100x80000000000000004278180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38a6ab5c315cba52022-01-04 14:18:54.960root 11241100x80000000000000004278181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17627fc3672af8d12022-01-04 14:18:54.960root 11241100x80000000000000004278182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419d187b8921ef5f2022-01-04 14:18:54.961root 11241100x80000000000000004278183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993e982500062e782022-01-04 14:18:54.961root 11241100x80000000000000004278184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60f63feb944a56d2022-01-04 14:18:54.961root 11241100x80000000000000004278185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d02272e1155f1a2022-01-04 14:18:54.961root 11241100x80000000000000004278186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b1aff1792c0a212022-01-04 14:18:54.961root 11241100x80000000000000004278187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17873e21e60345512022-01-04 14:18:54.961root 11241100x80000000000000004278188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a32f3ebf0854042022-01-04 14:18:54.961root 11241100x80000000000000004278189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d61abf2d6f9fef2022-01-04 14:18:54.961root 11241100x80000000000000004278190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07cee3989ee15b82022-01-04 14:18:54.961root 11241100x80000000000000004278191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d466902c804e46c12022-01-04 14:18:54.961root 11241100x80000000000000004278192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6903f39c87159a2022-01-04 14:18:54.961root 11241100x80000000000000004278193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccffe626ca004382022-01-04 14:18:54.961root 11241100x80000000000000004278194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daf1ba08ccc93262022-01-04 14:18:54.962root 11241100x80000000000000004278195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aebf727cd4c19c2022-01-04 14:18:54.962root 11241100x80000000000000004278196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047dce3888cf22ea2022-01-04 14:18:54.962root 11241100x80000000000000004278197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328d45ce0d3f6b6b2022-01-04 14:18:54.962root 11241100x80000000000000004278198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7698d0ce68a526202022-01-04 14:18:55.459root 11241100x80000000000000004278199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5772b3c4d9fef2a2022-01-04 14:18:55.459root 11241100x80000000000000004278200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595cde793cb672772022-01-04 14:18:55.459root 11241100x80000000000000004278201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abbc7ecc78a2d652022-01-04 14:18:55.459root 11241100x80000000000000004278202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bd4c94a568318f2022-01-04 14:18:55.460root 11241100x80000000000000004278203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cc62327e0c6cda2022-01-04 14:18:55.460root 11241100x80000000000000004278204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79a8ef293890a5c2022-01-04 14:18:55.460root 11241100x80000000000000004278205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95eb2d5c951a408b2022-01-04 14:18:55.460root 11241100x80000000000000004278206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6027686d0d76652f2022-01-04 14:18:55.460root 11241100x80000000000000004278207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978c8090c7e0d5102022-01-04 14:18:55.460root 11241100x80000000000000004278208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a017d9f201e3baf2022-01-04 14:18:55.461root 11241100x80000000000000004278209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f45647c29072e02022-01-04 14:18:55.461root 11241100x80000000000000004278210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e540404095e1eefc2022-01-04 14:18:55.461root 11241100x80000000000000004278211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a99801f6f7b9b02022-01-04 14:18:55.461root 11241100x80000000000000004278212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be0388186f185b32022-01-04 14:18:55.461root 11241100x80000000000000004278213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da623a9480f4850f2022-01-04 14:18:55.461root 11241100x80000000000000004278214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffdda137b988bcd2022-01-04 14:18:55.461root 11241100x80000000000000004278215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac44464a56c0449d2022-01-04 14:18:55.461root 11241100x80000000000000004278216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf48edf73f1e5b3c2022-01-04 14:18:55.462root 11241100x80000000000000004278217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9637ac8d29e6ca432022-01-04 14:18:55.462root 11241100x80000000000000004278218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079e4ad091fd043b2022-01-04 14:18:55.462root 11241100x80000000000000004278219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d8f9ae576a235d2022-01-04 14:18:55.462root 11241100x80000000000000004278220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bc54efa049c0a92022-01-04 14:18:55.462root 11241100x80000000000000004278221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b95c867cb398ab12022-01-04 14:18:55.462root 11241100x80000000000000004278222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7c25f6df0e81d02022-01-04 14:18:55.463root 11241100x80000000000000004278223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda1ae20d385702f2022-01-04 14:18:55.463root 11241100x80000000000000004278224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d063f41a5d12ef2022-01-04 14:18:55.463root 11241100x80000000000000004278225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdacbe75c4477732022-01-04 14:18:55.463root 11241100x80000000000000004278226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525878bfca6e65f72022-01-04 14:18:55.463root 11241100x80000000000000004278227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506b28b8182b01e92022-01-04 14:18:55.463root 11241100x80000000000000004278228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0472572307ed772022-01-04 14:18:55.463root 11241100x80000000000000004278229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23090c7f2cfd9bba2022-01-04 14:18:55.464root 11241100x80000000000000004278230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88ad509a4852d662022-01-04 14:18:55.464root 11241100x80000000000000004278231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3041f8d1468b1bf12022-01-04 14:18:55.464root 11241100x80000000000000004278232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc8b242ed046bae2022-01-04 14:18:55.464root 11241100x80000000000000004278233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0e82b7959e57b62022-01-04 14:18:55.960root 11241100x80000000000000004278234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46277271891c7b22022-01-04 14:18:55.960root 11241100x80000000000000004278235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399c78e8cc7b91f42022-01-04 14:18:55.960root 11241100x80000000000000004278236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbe4b8117d0147a2022-01-04 14:18:55.960root 11241100x80000000000000004278237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec5cdbfa036bafa2022-01-04 14:18:55.960root 11241100x80000000000000004278238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30e2b4e2770bc662022-01-04 14:18:55.960root 11241100x80000000000000004278239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf67ce8b7a5375d2022-01-04 14:18:55.960root 11241100x80000000000000004278240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646b8397c59f55992022-01-04 14:18:55.961root 11241100x80000000000000004278241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec32e85737ba1612022-01-04 14:18:55.961root 11241100x80000000000000004278242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2973d2a14157792022-01-04 14:18:55.961root 11241100x80000000000000004278243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5e3888942ea8332022-01-04 14:18:55.961root 11241100x80000000000000004278244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79a31e1b7eebfb02022-01-04 14:18:55.961root 11241100x80000000000000004278245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565e81af78f3b5ad2022-01-04 14:18:55.961root 11241100x80000000000000004278246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79092ade3fafe0d32022-01-04 14:18:55.961root 11241100x80000000000000004278247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd7c83e467581c82022-01-04 14:18:55.961root 11241100x80000000000000004278248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236ae405d349a76f2022-01-04 14:18:55.961root 11241100x80000000000000004278249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77032f298e54393b2022-01-04 14:18:55.962root 11241100x80000000000000004278250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf326fe7d7a2c9202022-01-04 14:18:55.962root 11241100x80000000000000004278251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c54b63221a95f32022-01-04 14:18:55.962root 11241100x80000000000000004278252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df3326b4bc098e92022-01-04 14:18:55.962root 11241100x80000000000000004278253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a61aa83d6175012022-01-04 14:18:55.962root 11241100x80000000000000004278254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e2116b3416299b2022-01-04 14:18:55.962root 11241100x80000000000000004278255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76c467ee80b6e962022-01-04 14:18:55.962root 11241100x80000000000000004278256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c403f98e6671d6d62022-01-04 14:18:55.962root 11241100x80000000000000004278257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4980370a49b90b832022-01-04 14:18:55.962root 11241100x80000000000000004278258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4f62f92aa2c2562022-01-04 14:18:55.962root 11241100x80000000000000004278259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4d7f7d340960a32022-01-04 14:18:55.963root 11241100x80000000000000004278260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650483702afd839b2022-01-04 14:18:55.963root 11241100x80000000000000004278261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:55.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e4ff12be52c6462022-01-04 14:18:55.963root 11241100x80000000000000004278262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c813d99ea1991d2022-01-04 14:18:56.459root 11241100x80000000000000004278263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54feb13e65107ce2022-01-04 14:18:56.459root 11241100x80000000000000004278264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b3447c2844f9a42022-01-04 14:18:56.459root 11241100x80000000000000004278265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc55f24bd95ee3a02022-01-04 14:18:56.459root 11241100x80000000000000004278266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fffb1f330e585212022-01-04 14:18:56.459root 11241100x80000000000000004278267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97af0e6f652b0b22022-01-04 14:18:56.460root 11241100x80000000000000004278268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4e01f64c80eed32022-01-04 14:18:56.460root 11241100x80000000000000004278269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b304ed25185b2e22022-01-04 14:18:56.460root 11241100x80000000000000004278270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14b6b0e40b670012022-01-04 14:18:56.460root 11241100x80000000000000004278271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e10ad8259c5ff882022-01-04 14:18:56.460root 11241100x80000000000000004278272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6e70db983830ac2022-01-04 14:18:56.460root 11241100x80000000000000004278273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c50c68d53f74122022-01-04 14:18:56.461root 11241100x80000000000000004278274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7c3607737b15f32022-01-04 14:18:56.461root 11241100x80000000000000004278275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df18c15b3c128642022-01-04 14:18:56.461root 11241100x80000000000000004278276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0122f2ef66280e2022-01-04 14:18:56.461root 11241100x80000000000000004278277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afda0b6e6c8f2a22022-01-04 14:18:56.461root 11241100x80000000000000004278278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de7fe0ccddc99882022-01-04 14:18:56.461root 11241100x80000000000000004278279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c717af69918ee77c2022-01-04 14:18:56.462root 11241100x80000000000000004278280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df19b2dd42fd68082022-01-04 14:18:56.462root 11241100x80000000000000004278281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da671728650802742022-01-04 14:18:56.462root 11241100x80000000000000004278282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee1bbe5e22f9382022-01-04 14:18:56.462root 11241100x80000000000000004278283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fafc3744bef5dbd2022-01-04 14:18:56.462root 11241100x80000000000000004278284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8106f1eea4183d2022-01-04 14:18:56.463root 11241100x80000000000000004278285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ad321c7c1389842022-01-04 14:18:56.463root 11241100x80000000000000004278286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0361a28be1f67e462022-01-04 14:18:56.463root 11241100x80000000000000004278287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb889a1581e4b372022-01-04 14:18:56.463root 11241100x80000000000000004278288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05f2a9e0283d8682022-01-04 14:18:56.463root 11241100x80000000000000004278289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9af4ebc4d08dc22022-01-04 14:18:56.464root 11241100x80000000000000004278290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d7b9ecf4b046c2022-01-04 14:18:56.464root 11241100x80000000000000004278291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cd7b26e9b56a012022-01-04 14:18:56.464root 11241100x80000000000000004278292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eef0705290dc10d2022-01-04 14:18:56.464root 11241100x80000000000000004278293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565257530dfcef282022-01-04 14:18:56.464root 11241100x80000000000000004278294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03d9ec59c5071bf2022-01-04 14:18:56.465root 11241100x80000000000000004278295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85957bfe1db76e82022-01-04 14:18:56.465root 11241100x80000000000000004278296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108238c408454deb2022-01-04 14:18:56.465root 11241100x80000000000000004278297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d693d5e7e9a298812022-01-04 14:18:56.960root 11241100x80000000000000004278298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aa94b47feb96ed2022-01-04 14:18:56.960root 11241100x80000000000000004278299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e519382b71a16762022-01-04 14:18:56.960root 11241100x80000000000000004278300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4437a7772738a7d22022-01-04 14:18:56.960root 11241100x80000000000000004278301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517d41d00aa7d24b2022-01-04 14:18:56.961root 11241100x80000000000000004278302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25c0257a4711cd42022-01-04 14:18:56.961root 11241100x80000000000000004278303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3822662bf957892022-01-04 14:18:56.961root 11241100x80000000000000004278304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb092cf3ba6305e2022-01-04 14:18:56.961root 11241100x80000000000000004278305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3273e15ca06ce3c52022-01-04 14:18:56.961root 11241100x80000000000000004278306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdf99d81c498c412022-01-04 14:18:56.961root 11241100x80000000000000004278307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fcfe6c9e4113992022-01-04 14:18:56.962root 11241100x80000000000000004278308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e726735f823fc8612022-01-04 14:18:56.962root 11241100x80000000000000004278309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea4cad5422adbe42022-01-04 14:18:56.962root 11241100x80000000000000004278310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22819d642159e3612022-01-04 14:18:56.962root 11241100x80000000000000004278311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9594bb46ac00f272022-01-04 14:18:56.963root 11241100x80000000000000004278312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4b43f476a664382022-01-04 14:18:56.963root 11241100x80000000000000004278313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3a459df7e1529e2022-01-04 14:18:56.963root 11241100x80000000000000004278314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3f186221831b4f2022-01-04 14:18:56.963root 11241100x80000000000000004278315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07922698d3cd7ede2022-01-04 14:18:56.963root 11241100x80000000000000004278316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78fbac6cc3573ba2022-01-04 14:18:56.963root 11241100x80000000000000004278317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed53f2eb9b5572c2022-01-04 14:18:56.964root 11241100x80000000000000004278318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce0222137371d0c2022-01-04 14:18:56.964root 11241100x80000000000000004278319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58abdd24535797992022-01-04 14:18:56.964root 11241100x80000000000000004278320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea9da19f15a71732022-01-04 14:18:56.965root 11241100x80000000000000004278321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07c89a98c0d3dd02022-01-04 14:18:56.965root 11241100x80000000000000004278322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5fc20778ae23262022-01-04 14:18:56.965root 11241100x80000000000000004278323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7dac58aa36fb852022-01-04 14:18:56.965root 11241100x80000000000000004278324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cb404744cc02b82022-01-04 14:18:56.965root 11241100x80000000000000004278325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:56.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9876add72bfb9b2022-01-04 14:18:56.966root 11241100x80000000000000004278326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a52b9e2defc9f92022-01-04 14:18:57.459root 11241100x80000000000000004278327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6de2569b82fe6a42022-01-04 14:18:57.460root 11241100x80000000000000004278328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f0aef2fe7073b62022-01-04 14:18:57.460root 11241100x80000000000000004278329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535aa739878df0b32022-01-04 14:18:57.460root 11241100x80000000000000004278330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a094aa80de6f532022-01-04 14:18:57.460root 11241100x80000000000000004278331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1a1e564d2a4e8e2022-01-04 14:18:57.461root 11241100x80000000000000004278332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edad6cdc85354fa2022-01-04 14:18:57.461root 11241100x80000000000000004278333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57c8044b02df5052022-01-04 14:18:57.461root 11241100x80000000000000004278334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0f1b50627a31472022-01-04 14:18:57.461root 11241100x80000000000000004278335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbca39d5822a31a2022-01-04 14:18:57.461root 11241100x80000000000000004278336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f76a49431d3a0c2022-01-04 14:18:57.461root 11241100x80000000000000004278337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f3c9414f8423412022-01-04 14:18:57.462root 11241100x80000000000000004278338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d68512deaf49fcb2022-01-04 14:18:57.462root 11241100x80000000000000004278339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19d2e6ee9f08d3a2022-01-04 14:18:57.462root 11241100x80000000000000004278340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911dea49bb24549d2022-01-04 14:18:57.462root 11241100x80000000000000004278341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ab7bb426f315902022-01-04 14:18:57.462root 11241100x80000000000000004278342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feff2ab58fc7cf752022-01-04 14:18:57.462root 11241100x80000000000000004278343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b276577ea20538a22022-01-04 14:18:57.463root 11241100x80000000000000004278344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890868c25a5da9562022-01-04 14:18:57.463root 11241100x80000000000000004278345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e72cb337005e7c32022-01-04 14:18:57.463root 11241100x80000000000000004278346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea23507d6406f1d2022-01-04 14:18:57.463root 11241100x80000000000000004278347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df52b5da4efed0f52022-01-04 14:18:57.463root 11241100x80000000000000004278348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafb746ab83b29ef2022-01-04 14:18:57.464root 11241100x80000000000000004278349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dd23716fe7683d2022-01-04 14:18:57.464root 11241100x80000000000000004278350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0729b7116c9ae1a12022-01-04 14:18:57.464root 11241100x80000000000000004278351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1e772d2c77db452022-01-04 14:18:57.464root 11241100x80000000000000004278352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5fffc687f4254f2022-01-04 14:18:57.464root 11241100x80000000000000004278353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ed25ea23f33e7d2022-01-04 14:18:57.464root 11241100x80000000000000004278354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581b7089b6d28e102022-01-04 14:18:57.464root 11241100x80000000000000004278355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940ce3236dcbbb592022-01-04 14:18:57.464root 11241100x80000000000000004278356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c833a7652c1c06c2022-01-04 14:18:57.959root 11241100x80000000000000004278357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea96239f6831a052022-01-04 14:18:57.959root 11241100x80000000000000004278358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120435daa1d6993d2022-01-04 14:18:57.959root 11241100x80000000000000004278359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d235fd3c7887c9c2022-01-04 14:18:57.960root 11241100x80000000000000004278360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc959c679b67d5f12022-01-04 14:18:57.960root 11241100x80000000000000004278361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1f67e9900195162022-01-04 14:18:57.960root 11241100x80000000000000004278362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6f666b1c8279bd2022-01-04 14:18:57.960root 11241100x80000000000000004278363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e066b5078c1fa2072022-01-04 14:18:57.960root 11241100x80000000000000004278364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1842db2c6dc1872022-01-04 14:18:57.960root 11241100x80000000000000004278365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec38e2b6d5abc212022-01-04 14:18:57.961root 11241100x80000000000000004278366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e2496b2dc884bc2022-01-04 14:18:57.961root 11241100x80000000000000004278367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0206c6321b5e38382022-01-04 14:18:57.961root 11241100x80000000000000004278368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10633087379e90ae2022-01-04 14:18:57.961root 11241100x80000000000000004278369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0204ecbad2c320022022-01-04 14:18:57.961root 11241100x80000000000000004278370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec037d163e0529212022-01-04 14:18:57.961root 11241100x80000000000000004278371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac79c46ba261cae02022-01-04 14:18:57.961root 11241100x80000000000000004278372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbd90c6f77617982022-01-04 14:18:57.962root 11241100x80000000000000004278373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86650885363d2aa42022-01-04 14:18:57.962root 11241100x80000000000000004278374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f66f1b65b2be8f42022-01-04 14:18:57.962root 11241100x80000000000000004278375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6275500dd8348a2022-01-04 14:18:57.962root 11241100x80000000000000004278376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a2ccfff4db0ffc2022-01-04 14:18:57.962root 11241100x80000000000000004278377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5ee1ca5d471eab2022-01-04 14:18:57.962root 11241100x80000000000000004278378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8173ed48e3d97e312022-01-04 14:18:57.962root 11241100x80000000000000004278379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e03ba5336350e82022-01-04 14:18:57.963root 11241100x80000000000000004278380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6729ec5a170a65c2022-01-04 14:18:57.963root 11241100x80000000000000004278381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5473b93a0b3023672022-01-04 14:18:57.963root 11241100x80000000000000004278382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3072c5d29bfb772022-01-04 14:18:57.963root 11241100x80000000000000004278383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab96ac89d59a23d2022-01-04 14:18:57.963root 11241100x80000000000000004278384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faacb4f96a3557f72022-01-04 14:18:57.963root 11241100x80000000000000004278385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87638ac7438a3992022-01-04 14:18:57.963root 11241100x80000000000000004278386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e158219589327432022-01-04 14:18:57.963root 11241100x80000000000000004278387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602d5b7818215a2c2022-01-04 14:18:57.964root 11241100x80000000000000004278388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f525dcb10e885352022-01-04 14:18:57.964root 11241100x80000000000000004278389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:57.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395f8a73efbf97cd2022-01-04 14:18:57.964root 354300x80000000000000004278390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.034{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41514-false10.0.1.12-8000- 11241100x80000000000000004278391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4465380ea720c082022-01-04 14:18:58.459root 11241100x80000000000000004278392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f62ba839d394b82022-01-04 14:18:58.460root 11241100x80000000000000004278393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae313b4e9523e72022-01-04 14:18:58.460root 11241100x80000000000000004278394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f84f9c21b2fd4a2022-01-04 14:18:58.460root 11241100x80000000000000004278395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81252d39f0a6d8f92022-01-04 14:18:58.460root 11241100x80000000000000004278396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0640c8c561fdce22022-01-04 14:18:58.460root 11241100x80000000000000004278397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3056a35a667fd2412022-01-04 14:18:58.461root 11241100x80000000000000004278398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b106f7bb48501342022-01-04 14:18:58.461root 11241100x80000000000000004278399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1ce61963360e062022-01-04 14:18:58.461root 11241100x80000000000000004278400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc3b63754358b092022-01-04 14:18:58.461root 11241100x80000000000000004278401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2a32c81972698a2022-01-04 14:18:58.461root 11241100x80000000000000004278402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ff7308a961f3cb2022-01-04 14:18:58.461root 11241100x80000000000000004278403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00c188601ad18dd2022-01-04 14:18:58.461root 11241100x80000000000000004278404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab2368d20155fc42022-01-04 14:18:58.461root 11241100x80000000000000004278405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8579549be942563c2022-01-04 14:18:58.461root 11241100x80000000000000004278406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b3766c6ec889952022-01-04 14:18:58.461root 11241100x80000000000000004278407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deefa9d356aa006c2022-01-04 14:18:58.462root 11241100x80000000000000004278408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba13cfba50c6553d2022-01-04 14:18:58.462root 11241100x80000000000000004278409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f567790aa127fa2022-01-04 14:18:58.462root 11241100x80000000000000004278410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c744eca504076432022-01-04 14:18:58.462root 11241100x80000000000000004278411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e996f241269c6b2022-01-04 14:18:58.462root 11241100x80000000000000004278412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f5031a0e310612022-01-04 14:18:58.462root 11241100x80000000000000004278413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ecfe88ed2b94d82022-01-04 14:18:58.462root 11241100x80000000000000004278414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94c379b0d8559cc2022-01-04 14:18:58.463root 11241100x80000000000000004278415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9a7df82de8fa082022-01-04 14:18:58.463root 11241100x80000000000000004278416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de04fa5632085d062022-01-04 14:18:58.464root 11241100x80000000000000004278417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162cbf7ea1fb15aa2022-01-04 14:18:58.464root 11241100x80000000000000004278418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988d2653e147eedf2022-01-04 14:18:58.465root 11241100x80000000000000004278419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018a8609772615542022-01-04 14:18:58.466root 11241100x80000000000000004278420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7115cad3b8c92012022-01-04 14:18:58.466root 11241100x80000000000000004278421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82e2d46f7e268f02022-01-04 14:18:58.466root 11241100x80000000000000004278422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d87f12ec06439092022-01-04 14:18:58.466root 11241100x80000000000000004278423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaebbefb33145792022-01-04 14:18:58.959root 11241100x80000000000000004278424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8649822768ac26c02022-01-04 14:18:58.959root 11241100x80000000000000004278425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cb72f9aec4518b2022-01-04 14:18:58.959root 11241100x80000000000000004278426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8742cb7e192ecd2022-01-04 14:18:58.959root 11241100x80000000000000004278427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6949a121c8326f872022-01-04 14:18:58.960root 11241100x80000000000000004278428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51958811f5edc22a2022-01-04 14:18:58.960root 11241100x80000000000000004278429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84614ca9426716952022-01-04 14:18:58.960root 11241100x80000000000000004278430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5bf93998450442022-01-04 14:18:58.960root 11241100x80000000000000004278431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8095e311be10febd2022-01-04 14:18:58.960root 11241100x80000000000000004278432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c69931954f09452022-01-04 14:18:58.960root 11241100x80000000000000004278433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a383518e26a05422022-01-04 14:18:58.960root 11241100x80000000000000004278434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff881ddd35c2d272022-01-04 14:18:58.961root 11241100x80000000000000004278435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b737487b8a381522022-01-04 14:18:58.961root 11241100x80000000000000004278436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46f61b1a1906a6b2022-01-04 14:18:58.961root 11241100x80000000000000004278437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f6674cd2b3b88a2022-01-04 14:18:58.961root 11241100x80000000000000004278438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880fd073d9af5ee22022-01-04 14:18:58.961root 11241100x80000000000000004278439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb173cda81ad7fe2022-01-04 14:18:58.961root 11241100x80000000000000004278440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8908aea0ffacd1172022-01-04 14:18:58.961root 11241100x80000000000000004278441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d756dc645c1368b52022-01-04 14:18:58.961root 11241100x80000000000000004278442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0853f7871ed8824b2022-01-04 14:18:58.961root 11241100x80000000000000004278443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8703b85eaf52f52022-01-04 14:18:58.961root 11241100x80000000000000004278444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d7ccc0588db3e52022-01-04 14:18:58.961root 11241100x80000000000000004278445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18fc7c9dd2999862022-01-04 14:18:58.961root 11241100x80000000000000004278446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f10f1bfdc6721432022-01-04 14:18:58.962root 11241100x80000000000000004278447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea3003b248b26372022-01-04 14:18:58.962root 11241100x80000000000000004278448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a963d579c1d8765b2022-01-04 14:18:58.962root 11241100x80000000000000004278449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c581ed1fcf3fd612022-01-04 14:18:58.962root 11241100x80000000000000004278450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f83169f994a2282022-01-04 14:18:58.962root 11241100x80000000000000004278451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36893cfcb9beda562022-01-04 14:18:58.962root 11241100x80000000000000004278452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0946663cd246ffbb2022-01-04 14:18:58.962root 11241100x80000000000000004278453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3890ba2c6c75e22022-01-04 14:18:58.962root 11241100x80000000000000004278454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96929a0bea3e2892022-01-04 14:18:58.962root 11241100x80000000000000004278455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:58.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e909d1dbf2b0dd22022-01-04 14:18:58.962root 11241100x80000000000000004278456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d675b413aa7a218e2022-01-04 14:18:59.460root 11241100x80000000000000004278457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710443279927e2bb2022-01-04 14:18:59.460root 11241100x80000000000000004278458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9e7df987e32d52022-01-04 14:18:59.460root 11241100x80000000000000004278459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeb256c38b179562022-01-04 14:18:59.460root 11241100x80000000000000004278460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd5242c740074c82022-01-04 14:18:59.460root 11241100x80000000000000004278461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c176204cb094be42022-01-04 14:18:59.460root 11241100x80000000000000004278462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafb139403889682022-01-04 14:18:59.460root 11241100x80000000000000004278463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6de24454a422612022-01-04 14:18:59.461root 11241100x80000000000000004278464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ac08418938fc4b2022-01-04 14:18:59.461root 11241100x80000000000000004278465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea003fc07d82f5812022-01-04 14:18:59.461root 11241100x80000000000000004278466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a208207096b25d952022-01-04 14:18:59.461root 11241100x80000000000000004278467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369e20aa22148b892022-01-04 14:18:59.461root 11241100x80000000000000004278468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bae6e1799cd70062022-01-04 14:18:59.461root 11241100x80000000000000004278469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e599d40ee3148e2022-01-04 14:18:59.461root 11241100x80000000000000004278470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db9df21db6cfb932022-01-04 14:18:59.461root 11241100x80000000000000004278471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c1eaf9766989622022-01-04 14:18:59.461root 11241100x80000000000000004278472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd210adf97977e52022-01-04 14:18:59.461root 11241100x80000000000000004278473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de19f09d5afd9b802022-01-04 14:18:59.461root 11241100x80000000000000004278474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4967112a94e236652022-01-04 14:18:59.461root 11241100x80000000000000004278475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de27aebbac7f009f2022-01-04 14:18:59.462root 11241100x80000000000000004278476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1772c549ea8ae5fa2022-01-04 14:18:59.462root 11241100x80000000000000004278477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cdeb4f881bf2e82022-01-04 14:18:59.462root 11241100x80000000000000004278478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf166ba8e66384fc2022-01-04 14:18:59.462root 11241100x80000000000000004278479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9304eee5dee9b0e12022-01-04 14:18:59.462root 11241100x80000000000000004278480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d3bfa246f3e31c2022-01-04 14:18:59.462root 11241100x80000000000000004278481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0922fe10cc23952022-01-04 14:18:59.462root 11241100x80000000000000004278482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe769cbf715d3552022-01-04 14:18:59.462root 11241100x80000000000000004278483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d928d045fb340272022-01-04 14:18:59.462root 11241100x80000000000000004278484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc2f85b7bcc7402022-01-04 14:18:59.462root 11241100x80000000000000004278485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2871cbb546d262592022-01-04 14:18:59.462root 11241100x80000000000000004278486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117afc1df12442542022-01-04 14:18:59.959root 11241100x80000000000000004278487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989440e83df9c7bb2022-01-04 14:18:59.959root 11241100x80000000000000004278488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da770cddb79c55862022-01-04 14:18:59.959root 11241100x80000000000000004278489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aea316328fe66042022-01-04 14:18:59.959root 11241100x80000000000000004278490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c714527c1de5f8732022-01-04 14:18:59.959root 11241100x80000000000000004278491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c94b6732fc9ca42022-01-04 14:18:59.960root 11241100x80000000000000004278492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6414a641d4fd59cd2022-01-04 14:18:59.960root 11241100x80000000000000004278493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1754c0c39ca94fa12022-01-04 14:18:59.960root 11241100x80000000000000004278494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8507ef7292624592022-01-04 14:18:59.960root 11241100x80000000000000004278495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c206bff19d57581b2022-01-04 14:18:59.960root 11241100x80000000000000004278496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a0622f102aa0072022-01-04 14:18:59.960root 11241100x80000000000000004278497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d691b05d58602c2022-01-04 14:18:59.960root 11241100x80000000000000004278498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bf1cd715d93c9a2022-01-04 14:18:59.960root 11241100x80000000000000004278499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cb8fdee5202d512022-01-04 14:18:59.960root 11241100x80000000000000004278500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6bb37db6f290482022-01-04 14:18:59.960root 11241100x80000000000000004278501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ea7b1c1c37c0b2022-01-04 14:18:59.960root 11241100x80000000000000004278502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c0e7338b0692992022-01-04 14:18:59.961root 11241100x80000000000000004278503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2661618ff9a1943a2022-01-04 14:18:59.961root 11241100x80000000000000004278504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376f7c39ead438db2022-01-04 14:18:59.961root 11241100x80000000000000004278505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e5858b744500dc2022-01-04 14:18:59.961root 11241100x80000000000000004278506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c026ed48fef17db22022-01-04 14:18:59.961root 11241100x80000000000000004278507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cf9f1593de41042022-01-04 14:18:59.961root 11241100x80000000000000004278508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d141f3666e844edf2022-01-04 14:18:59.961root 11241100x80000000000000004278509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a22a54aada3e672022-01-04 14:18:59.961root 11241100x80000000000000004278510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d9066e208cf7812022-01-04 14:18:59.961root 11241100x80000000000000004278511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457b41ce93dfa732022-01-04 14:18:59.962root 11241100x80000000000000004278512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f500607d08566c6e2022-01-04 14:18:59.962root 11241100x80000000000000004278513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e1f482b75a3be02022-01-04 14:18:59.962root 11241100x80000000000000004278514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4124ab7bfaffbd242022-01-04 14:18:59.962root 11241100x80000000000000004278515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f62d03e1f11bf02022-01-04 14:18:59.962root 11241100x80000000000000004278516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5a13fd23c5cbd02022-01-04 14:18:59.962root 11241100x80000000000000004278517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5c0f5e756bac092022-01-04 14:18:59.962root 11241100x80000000000000004278518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18506e2dab46a9982022-01-04 14:18:59.963root 11241100x80000000000000004278519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6077a12b1b8a08162022-01-04 14:18:59.963root 11241100x80000000000000004278520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:18:59.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8710cab49ffd5b2022-01-04 14:18:59.963root 11241100x80000000000000004278521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b261b7c067bcba12022-01-04 14:19:00.460root 11241100x80000000000000004278522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0574bee42772f82022-01-04 14:19:00.460root 11241100x80000000000000004278523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77baa01c02f804e02022-01-04 14:19:00.460root 11241100x80000000000000004278524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dd48d14c4b5f3f2022-01-04 14:19:00.460root 11241100x80000000000000004278525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb482b6f442fe5852022-01-04 14:19:00.460root 11241100x80000000000000004278526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe4f89d79b2fd522022-01-04 14:19:00.461root 11241100x80000000000000004278527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a29a84822c60442022-01-04 14:19:00.461root 11241100x80000000000000004278528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712efa2ecaa461432022-01-04 14:19:00.461root 11241100x80000000000000004278529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e82ae059eebe9b12022-01-04 14:19:00.461root 11241100x80000000000000004278530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ba78707e21f9bc2022-01-04 14:19:00.461root 11241100x80000000000000004278531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35786b26b0b67ea42022-01-04 14:19:00.461root 11241100x80000000000000004278532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8761141e4d12032022-01-04 14:19:00.461root 11241100x80000000000000004278533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff8900d0df4ddae2022-01-04 14:19:00.461root 11241100x80000000000000004278534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc860432964a62332022-01-04 14:19:00.461root 11241100x80000000000000004278535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34814395516e60112022-01-04 14:19:00.461root 11241100x80000000000000004278536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9c816312d9f84d2022-01-04 14:19:00.461root 11241100x80000000000000004278537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444159f07b70514a2022-01-04 14:19:00.461root 11241100x80000000000000004278538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c686f91c0d6f0ed52022-01-04 14:19:00.461root 11241100x80000000000000004278539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627e14c62080c802022-01-04 14:19:00.461root 11241100x80000000000000004278540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32c1772f0ec096c2022-01-04 14:19:00.461root 11241100x80000000000000004278541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938f842f1b39155a2022-01-04 14:19:00.462root 11241100x80000000000000004278542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8554635a27eb3a2022-01-04 14:19:00.462root 11241100x80000000000000004278543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd84b81a8f68d2d2022-01-04 14:19:00.462root 11241100x80000000000000004278544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dd5e170460667b2022-01-04 14:19:00.462root 11241100x80000000000000004278545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aa622539d1039b2022-01-04 14:19:00.462root 11241100x80000000000000004278546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16ce48b368059122022-01-04 14:19:00.462root 11241100x80000000000000004278547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af42086947485dd2022-01-04 14:19:00.462root 11241100x80000000000000004278548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f396147c47986c0e2022-01-04 14:19:00.462root 11241100x80000000000000004278549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c110baecec9e1b5f2022-01-04 14:19:00.462root 11241100x80000000000000004278550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b646d7b14c68c8f12022-01-04 14:19:00.462root 11241100x80000000000000004278551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74c417683252e772022-01-04 14:19:00.959root 11241100x80000000000000004278552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400b1a6a8e797cef2022-01-04 14:19:00.960root 11241100x80000000000000004278553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeda70c3e3f5905f2022-01-04 14:19:00.960root 11241100x80000000000000004278554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f4251ed1f3f8a62022-01-04 14:19:00.960root 11241100x80000000000000004278555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efdb003d4e9d5f72022-01-04 14:19:00.960root 11241100x80000000000000004278556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf1ecc01611efba2022-01-04 14:19:00.960root 11241100x80000000000000004278557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a689716d18829e382022-01-04 14:19:00.960root 11241100x80000000000000004278558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00216280bb5394c42022-01-04 14:19:00.960root 11241100x80000000000000004278559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dc30293b5a95222022-01-04 14:19:00.960root 11241100x80000000000000004278560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cc169e075af5632022-01-04 14:19:00.960root 11241100x80000000000000004278561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5cfe0490ca329d2022-01-04 14:19:00.960root 11241100x80000000000000004278562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bead6a4d4e91f752022-01-04 14:19:00.960root 11241100x80000000000000004278563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b595b419dacff97c2022-01-04 14:19:00.961root 11241100x80000000000000004278564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6c956a190749e92022-01-04 14:19:00.961root 11241100x80000000000000004278565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ed37a78afe818d2022-01-04 14:19:00.961root 11241100x80000000000000004278566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7603de01adced1c82022-01-04 14:19:00.961root 11241100x80000000000000004278567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fb701c6dacdbd02022-01-04 14:19:00.961root 11241100x80000000000000004278568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28b52aa55c3d9c12022-01-04 14:19:00.961root 11241100x80000000000000004278569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9132f0d59814f3002022-01-04 14:19:00.961root 11241100x80000000000000004278570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d61dfe0f3dfdad2022-01-04 14:19:00.961root 11241100x80000000000000004278571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c66be92aa7d116e2022-01-04 14:19:00.961root 11241100x80000000000000004278572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8479bdd2bee5df22022-01-04 14:19:00.961root 11241100x80000000000000004278573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250ab569db3d8de82022-01-04 14:19:00.961root 11241100x80000000000000004278574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6566273377786ce2022-01-04 14:19:00.961root 11241100x80000000000000004278575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f221decf99b0082022-01-04 14:19:00.961root 11241100x80000000000000004278576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8802bb2993e18682022-01-04 14:19:00.961root 11241100x80000000000000004278577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebd894dfd1aa3482022-01-04 14:19:00.961root 11241100x80000000000000004278578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488ce21501372c572022-01-04 14:19:00.962root 11241100x80000000000000004278579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1210ab2f0d07dd2022-01-04 14:19:00.962root 11241100x80000000000000004278580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22527a661eda937d2022-01-04 14:19:00.962root 11241100x80000000000000004278581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da3c6cb4cbc72db2022-01-04 14:19:00.962root 11241100x80000000000000004278582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5298b4d0e1f843252022-01-04 14:19:00.962root 11241100x80000000000000004278583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:00.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed0f7c6c4a96b4f2022-01-04 14:19:00.962root 11241100x80000000000000004278584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:19:01.221root 11241100x80000000000000004278585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9856145ddc06eb22022-01-04 14:19:01.222root 11241100x80000000000000004278586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f534be099b9aed4f2022-01-04 14:19:01.222root 11241100x80000000000000004278587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23347b80903363e2022-01-04 14:19:01.222root 11241100x80000000000000004278588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d324b11811d6ca72022-01-04 14:19:01.222root 11241100x80000000000000004278589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bae3caa76baffe2022-01-04 14:19:01.223root 11241100x80000000000000004278590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98af03024ab116ed2022-01-04 14:19:01.223root 11241100x80000000000000004278591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03b14e4cdb3657b2022-01-04 14:19:01.223root 11241100x80000000000000004278592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7f746ed0728a2d2022-01-04 14:19:01.223root 11241100x80000000000000004278593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea815d61eec973df2022-01-04 14:19:01.223root 11241100x80000000000000004278594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e3fcd0b211eb072022-01-04 14:19:01.223root 11241100x80000000000000004278595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29f520b8e76ff0f2022-01-04 14:19:01.223root 11241100x80000000000000004278596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a259ce94aaa87f2022-01-04 14:19:01.224root 11241100x80000000000000004278597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f4e7e8f3a32c222022-01-04 14:19:01.224root 11241100x80000000000000004278598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fce4c58f37c279a2022-01-04 14:19:01.224root 11241100x80000000000000004278599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0538565ea6b1462022-01-04 14:19:01.224root 11241100x80000000000000004278600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae955cae7dd9e8332022-01-04 14:19:01.225root 11241100x80000000000000004278601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5854aeeb070c54e12022-01-04 14:19:01.225root 11241100x80000000000000004278602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4879409e38f8552022-01-04 14:19:01.225root 11241100x80000000000000004278603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d71411485d180be2022-01-04 14:19:01.226root 11241100x80000000000000004278604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e36eb1a4ab0917f2022-01-04 14:19:01.226root 11241100x80000000000000004278605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1be9f8a169ff8e02022-01-04 14:19:01.226root 11241100x80000000000000004278606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8790e3d1ce90562022-01-04 14:19:01.226root 11241100x80000000000000004278607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d90824c1fcd6d812022-01-04 14:19:01.226root 11241100x80000000000000004278608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeca28c9fc3bfa12022-01-04 14:19:01.226root 11241100x80000000000000004278609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b05a1759f05fa6a2022-01-04 14:19:01.227root 11241100x80000000000000004278610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60d7ac2c1fa19b22022-01-04 14:19:01.227root 11241100x80000000000000004278611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83a82bb07adddea2022-01-04 14:19:01.227root 11241100x80000000000000004278612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a48b5113a63004c2022-01-04 14:19:01.227root 11241100x80000000000000004278613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66af0cbcbc3358302022-01-04 14:19:01.227root 11241100x80000000000000004278614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf475c55d68e9852022-01-04 14:19:01.228root 11241100x80000000000000004278615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae1d485168ade912022-01-04 14:19:01.228root 11241100x80000000000000004278616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.228{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20e07b09b06a2322022-01-04 14:19:01.228root 11241100x80000000000000004278617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814fb54f84df7cc52022-01-04 14:19:01.710root 11241100x80000000000000004278618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e1998a377b30672022-01-04 14:19:01.710root 11241100x80000000000000004278619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44aed098e5f44102022-01-04 14:19:01.710root 11241100x80000000000000004278620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d995742abf2438912022-01-04 14:19:01.710root 11241100x80000000000000004278621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c1b322b7c449042022-01-04 14:19:01.711root 11241100x80000000000000004278622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8979a935ae343ab12022-01-04 14:19:01.711root 11241100x80000000000000004278623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d812f4ccb8a53f442022-01-04 14:19:01.711root 11241100x80000000000000004278624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b614e8dbf29d632022-01-04 14:19:01.711root 11241100x80000000000000004278625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2727324fb19856b72022-01-04 14:19:01.711root 11241100x80000000000000004278626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6332ff24e15dbee32022-01-04 14:19:01.711root 11241100x80000000000000004278627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66174336a5d2831c2022-01-04 14:19:01.711root 11241100x80000000000000004278628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6e2dd3e84635a52022-01-04 14:19:01.711root 11241100x80000000000000004278629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8e7ef8a76eb9a12022-01-04 14:19:01.712root 11241100x80000000000000004278630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdbf81b454f933e2022-01-04 14:19:01.712root 11241100x80000000000000004278631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d097a774aa66e152022-01-04 14:19:01.712root 11241100x80000000000000004278632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f45691d692082762022-01-04 14:19:01.712root 11241100x80000000000000004278633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a36624db911e3f02022-01-04 14:19:01.712root 11241100x80000000000000004278634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a5e688cba17ffc2022-01-04 14:19:01.712root 11241100x80000000000000004278635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411ba43e2f6b81382022-01-04 14:19:01.712root 11241100x80000000000000004278636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9172795939c87c3e2022-01-04 14:19:01.712root 11241100x80000000000000004278637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd455ed1dc595bbc2022-01-04 14:19:01.712root 11241100x80000000000000004278638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c490598bf19c2f9c2022-01-04 14:19:01.712root 11241100x80000000000000004278639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ea274b33db58432022-01-04 14:19:01.712root 11241100x80000000000000004278640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46517920ae4bda172022-01-04 14:19:01.712root 11241100x80000000000000004278641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bd9647ab81451f2022-01-04 14:19:01.713root 11241100x80000000000000004278642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e93481f5e91cb32022-01-04 14:19:01.713root 11241100x80000000000000004278643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b0a6220a8ed6082022-01-04 14:19:01.713root 11241100x80000000000000004278644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6a9f85d9a770542022-01-04 14:19:01.713root 11241100x80000000000000004278645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422ac522e1aba26b2022-01-04 14:19:01.713root 11241100x80000000000000004278646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835dfc1fed9de4312022-01-04 14:19:01.713root 11241100x80000000000000004278647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:01.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a3a7346bd670ab2022-01-04 14:19:01.713root 11241100x80000000000000004278648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae0e09c42e23b772022-01-04 14:19:02.209root 11241100x80000000000000004278649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2040c026988e3f212022-01-04 14:19:02.209root 11241100x80000000000000004278650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec91000a8ba377062022-01-04 14:19:02.210root 11241100x80000000000000004278651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1a5358c163f4bf2022-01-04 14:19:02.210root 11241100x80000000000000004278652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e1ea47babece262022-01-04 14:19:02.210root 11241100x80000000000000004278653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb52a815175b01e2022-01-04 14:19:02.210root 11241100x80000000000000004278654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33a94ace5a9dc622022-01-04 14:19:02.211root 11241100x80000000000000004278655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa418bd3ba7975822022-01-04 14:19:02.211root 11241100x80000000000000004278656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46526913882812812022-01-04 14:19:02.211root 11241100x80000000000000004278657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a8c26d65132a692022-01-04 14:19:02.211root 11241100x80000000000000004278658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821dee0671a774f02022-01-04 14:19:02.212root 11241100x80000000000000004278659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8451121bd3c3792f2022-01-04 14:19:02.212root 11241100x80000000000000004278660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c552f1119c42264c2022-01-04 14:19:02.212root 11241100x80000000000000004278661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6ec3c0ebb0792f2022-01-04 14:19:02.212root 11241100x80000000000000004278662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6611568a178a362b2022-01-04 14:19:02.212root 11241100x80000000000000004278663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc91b9f7acf0a052022-01-04 14:19:02.213root 11241100x80000000000000004278664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0288e25cbbf79b882022-01-04 14:19:02.213root 11241100x80000000000000004278665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08e1a7ed34d9a052022-01-04 14:19:02.214root 11241100x80000000000000004278666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f867766a87e0d362022-01-04 14:19:02.214root 11241100x80000000000000004278667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6cf6bddb37303a2022-01-04 14:19:02.214root 11241100x80000000000000004278668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cb5ae3808f31ec2022-01-04 14:19:02.215root 11241100x80000000000000004278669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a5299eff9048142022-01-04 14:19:02.215root 11241100x80000000000000004278670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f10dd2f23bfd5d2022-01-04 14:19:02.215root 11241100x80000000000000004278671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b719e10c0c2a1af2022-01-04 14:19:02.215root 11241100x80000000000000004278672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df1810bc988f6d22022-01-04 14:19:02.215root 11241100x80000000000000004278673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20adadc1007e65a2022-01-04 14:19:02.215root 11241100x80000000000000004278674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f527a032f002f52022-01-04 14:19:02.215root 11241100x80000000000000004278675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05716577693e99762022-01-04 14:19:02.216root 11241100x80000000000000004278676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8780f799782c2cde2022-01-04 14:19:02.216root 11241100x80000000000000004278677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2cc9bfa04e5ac42022-01-04 14:19:02.216root 11241100x80000000000000004278678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b7386fa4adde3f2022-01-04 14:19:02.216root 11241100x80000000000000004278679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f4a1776af85e992022-01-04 14:19:02.217root 11241100x80000000000000004278680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b510665bd4a1942022-01-04 14:19:02.710root 11241100x80000000000000004278681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef54582fcd673f742022-01-04 14:19:02.710root 11241100x80000000000000004278682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacf477caa4a2da72022-01-04 14:19:02.710root 11241100x80000000000000004278683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3ca34a978c55892022-01-04 14:19:02.710root 11241100x80000000000000004278684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c020ca46dd49e372022-01-04 14:19:02.710root 11241100x80000000000000004278685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7993cc6d9ae41a482022-01-04 14:19:02.710root 11241100x80000000000000004278686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a138f47f9e5e12fb2022-01-04 14:19:02.710root 11241100x80000000000000004278687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349b33775064a57e2022-01-04 14:19:02.710root 11241100x80000000000000004278688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77bf406ed8aa9242022-01-04 14:19:02.710root 11241100x80000000000000004278689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa43e5a55446e34c2022-01-04 14:19:02.711root 11241100x80000000000000004278690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe747984a8b5e92022-01-04 14:19:02.711root 11241100x80000000000000004278691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9379b659577f6942022-01-04 14:19:02.711root 11241100x80000000000000004278692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3f50484e0b14312022-01-04 14:19:02.711root 11241100x80000000000000004278693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d575ccf76f837c0f2022-01-04 14:19:02.711root 11241100x80000000000000004278694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64f23b543b55b742022-01-04 14:19:02.711root 11241100x80000000000000004278695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc7fd468ef1da0e2022-01-04 14:19:02.712root 11241100x80000000000000004278696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1dd6b78ae2d66d2022-01-04 14:19:02.712root 11241100x80000000000000004278697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1817021b5c3efe2022-01-04 14:19:02.713root 11241100x80000000000000004278698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092f474d90e607312022-01-04 14:19:02.713root 11241100x80000000000000004278699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ea3774cb95fda92022-01-04 14:19:02.713root 11241100x80000000000000004278700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c9a3ab27db9a5d2022-01-04 14:19:02.714root 11241100x80000000000000004278701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746c322ab397a46f2022-01-04 14:19:02.714root 11241100x80000000000000004278702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766692b02c95631e2022-01-04 14:19:02.715root 11241100x80000000000000004278703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52f4ca3fb06a46c2022-01-04 14:19:02.716root 11241100x80000000000000004278704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa9acc2e86c02292022-01-04 14:19:02.716root 11241100x80000000000000004278705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faeb055f29fe68262022-01-04 14:19:02.716root 11241100x80000000000000004278706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3984757131b125fe2022-01-04 14:19:02.716root 11241100x80000000000000004278707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b9a4e9a7941ac2022-01-04 14:19:02.717root 11241100x80000000000000004278708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c51ae0e818848052022-01-04 14:19:02.717root 11241100x80000000000000004278709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9018ac9d4eacbf2022-01-04 14:19:02.717root 11241100x80000000000000004278710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81aa68c707c4edd2022-01-04 14:19:02.719root 11241100x80000000000000004278711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.719{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe8a474ba55a7b32022-01-04 14:19:02.719root 11241100x80000000000000004278712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16c37f6f7d668092022-01-04 14:19:02.722root 11241100x80000000000000004278713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d757553fb0557ff82022-01-04 14:19:02.722root 11241100x80000000000000004278714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:02.722{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b05e88b1931493e2022-01-04 14:19:02.722root 354300x80000000000000004278715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.185{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41516-false10.0.1.12-8000- 11241100x80000000000000004278716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6940381619c9ec52022-01-04 14:19:03.186root 11241100x80000000000000004278717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c215c86d693ea9c22022-01-04 14:19:03.186root 11241100x80000000000000004278718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ca7a2645f148842022-01-04 14:19:03.186root 11241100x80000000000000004278719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017d090bb44474ee2022-01-04 14:19:03.186root 11241100x80000000000000004278720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f5a37e0a10caa22022-01-04 14:19:03.187root 11241100x80000000000000004278721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6dec54a44f189a2022-01-04 14:19:03.187root 11241100x80000000000000004278722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae84762490eb7312022-01-04 14:19:03.187root 11241100x80000000000000004278723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785eeedb26535b872022-01-04 14:19:03.187root 11241100x80000000000000004278724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd82132cd3dd9fa2022-01-04 14:19:03.187root 11241100x80000000000000004278725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae8da0ee87885e72022-01-04 14:19:03.188root 11241100x80000000000000004278726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8d24c2c07c7c9e2022-01-04 14:19:03.188root 11241100x80000000000000004278727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bceb48a9679e102022-01-04 14:19:03.188root 11241100x80000000000000004278728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6c89dc0e91505e2022-01-04 14:19:03.188root 11241100x80000000000000004278729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb3fcb6348d642c2022-01-04 14:19:03.188root 11241100x80000000000000004278730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a918d36c5c70d1fc2022-01-04 14:19:03.189root 11241100x80000000000000004278731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d45d2a5f5e26c4d2022-01-04 14:19:03.189root 11241100x80000000000000004278732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb302f66fb74ea02022-01-04 14:19:03.189root 11241100x80000000000000004278733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.190{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63225b6bdde4fc2c2022-01-04 14:19:03.190root 11241100x80000000000000004278734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4bdace08248c2b2022-01-04 14:19:03.191root 11241100x80000000000000004278735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdfb213bae079502022-01-04 14:19:03.191root 11241100x80000000000000004278736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.192{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909920c49b93538a2022-01-04 14:19:03.192root 11241100x80000000000000004278737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.193{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2cff8814c776012022-01-04 14:19:03.193root 11241100x80000000000000004278738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.193{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16ee6547a5b60ab2022-01-04 14:19:03.193root 11241100x80000000000000004278739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.193{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9847a54c7a83bbba2022-01-04 14:19:03.193root 11241100x80000000000000004278740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.194{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee35d3b8e2b0d7e02022-01-04 14:19:03.194root 11241100x80000000000000004278741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.195{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12480a6556b25fa92022-01-04 14:19:03.195root 11241100x80000000000000004278742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.195{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402ffe03cbdc1bcb2022-01-04 14:19:03.195root 11241100x80000000000000004278743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.195{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c4cc1d964a47ab2022-01-04 14:19:03.195root 11241100x80000000000000004278744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.195{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00fc200b3e5847b2022-01-04 14:19:03.195root 11241100x80000000000000004278745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.196{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac5f8a0d6954c522022-01-04 14:19:03.196root 11241100x80000000000000004278746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fa40d9ef3c01ee2022-01-04 14:19:03.197root 11241100x80000000000000004278747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b006054fab0cea2022-01-04 14:19:03.197root 11241100x80000000000000004278748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd30f2a5edf79532022-01-04 14:19:03.197root 11241100x80000000000000004278749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0d67ce524167e72022-01-04 14:19:03.197root 11241100x80000000000000004278750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.197{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ff0c9d97aa12fc2022-01-04 14:19:03.197root 11241100x80000000000000004278751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbca418d8aad27b2022-01-04 14:19:03.198root 11241100x80000000000000004278752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb75534eb7616f52022-01-04 14:19:03.198root 11241100x80000000000000004278753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db08b352ac1df832022-01-04 14:19:03.198root 11241100x80000000000000004278754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb6979c19b7acd12022-01-04 14:19:03.198root 11241100x80000000000000004278755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cfaae985f007792022-01-04 14:19:03.198root 11241100x80000000000000004278756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a3f5420dfc51b92022-01-04 14:19:03.198root 11241100x80000000000000004278757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.198{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4a3a5f7ea82e952022-01-04 14:19:03.198root 11241100x80000000000000004278758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15735b27ca27e5392022-01-04 14:19:03.202root 11241100x80000000000000004278759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89769264b79a36162022-01-04 14:19:03.202root 11241100x80000000000000004278760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443e2cfc8be210c32022-01-04 14:19:03.202root 11241100x80000000000000004278761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a81c796a91fafa22022-01-04 14:19:03.202root 11241100x80000000000000004278762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44248f22c919db512022-01-04 14:19:03.202root 11241100x80000000000000004278763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e7d1821434786c2022-01-04 14:19:03.202root 11241100x80000000000000004278764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0d674213aa4d5d2022-01-04 14:19:03.202root 11241100x80000000000000004278765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b56f0de0eb53732022-01-04 14:19:03.459root 11241100x80000000000000004278766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0fb7fb3c9ca8f72022-01-04 14:19:03.460root 11241100x80000000000000004278767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d365abf04ec348a2022-01-04 14:19:03.461root 11241100x80000000000000004278768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a216c4483cff4e8e2022-01-04 14:19:03.461root 11241100x80000000000000004278769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d278544e79e9ae682022-01-04 14:19:03.461root 11241100x80000000000000004278770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4da0260bf76614a2022-01-04 14:19:03.462root 11241100x80000000000000004278771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7264963a064589552022-01-04 14:19:03.462root 11241100x80000000000000004278772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8aa05d2b3561372022-01-04 14:19:03.462root 11241100x80000000000000004278773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55dc193386c2ebd2022-01-04 14:19:03.462root 11241100x80000000000000004278774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18717a077afa36e2022-01-04 14:19:03.463root 11241100x80000000000000004278775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c201d890280e802022-01-04 14:19:03.463root 11241100x80000000000000004278776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f047baf905767e582022-01-04 14:19:03.463root 11241100x80000000000000004278777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e39e2d6c6c8f6cb2022-01-04 14:19:03.465root 11241100x80000000000000004278778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c46414a2ea7ee752022-01-04 14:19:03.465root 11241100x80000000000000004278779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e0e4e0466305fc2022-01-04 14:19:03.465root 11241100x80000000000000004278780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4bc4b24b3155b82022-01-04 14:19:03.465root 11241100x80000000000000004278781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967d1d22bfd673f52022-01-04 14:19:03.465root 11241100x80000000000000004278782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992626270e126da02022-01-04 14:19:03.465root 11241100x80000000000000004278783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74bb51e923dbc832022-01-04 14:19:03.465root 11241100x80000000000000004278784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea92f239d9a053f2022-01-04 14:19:03.465root 11241100x80000000000000004278785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b867c7de9a1da3ab2022-01-04 14:19:03.466root 11241100x80000000000000004278786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fa391b32356c242022-01-04 14:19:03.466root 11241100x80000000000000004278787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1a25c8b8df581d2022-01-04 14:19:03.466root 11241100x80000000000000004278788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8edd8021d4f654d2022-01-04 14:19:03.466root 11241100x80000000000000004278789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc0f4dc883f03082022-01-04 14:19:03.466root 11241100x80000000000000004278790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e92feb2bddc1d42022-01-04 14:19:03.466root 11241100x80000000000000004278791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6882971eebe3353a2022-01-04 14:19:03.466root 11241100x80000000000000004278792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a62fe1f5f37db0e2022-01-04 14:19:03.466root 11241100x80000000000000004278793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d62c3116e592a22022-01-04 14:19:03.466root 11241100x80000000000000004278794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9e5329ef6c74b72022-01-04 14:19:03.466root 11241100x80000000000000004278795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14e0f648333ebff2022-01-04 14:19:03.466root 11241100x80000000000000004278796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ab66a00edddf422022-01-04 14:19:03.466root 11241100x80000000000000004278797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889740d9cb34cb852022-01-04 14:19:03.466root 11241100x80000000000000004278798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7fa48316ebb6cb2022-01-04 14:19:03.959root 11241100x80000000000000004278799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f038b9bb10487442022-01-04 14:19:03.960root 11241100x80000000000000004278800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c7f19d7a6a0d272022-01-04 14:19:03.960root 11241100x80000000000000004278801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e9eb4e42740c862022-01-04 14:19:03.961root 11241100x80000000000000004278802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562d1ac94bb2ff602022-01-04 14:19:03.961root 11241100x80000000000000004278803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06e4f52c93bc38f2022-01-04 14:19:03.961root 11241100x80000000000000004278804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cec5296b94c8c8d2022-01-04 14:19:03.962root 11241100x80000000000000004278805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea75bfe0cdf66f72022-01-04 14:19:03.962root 11241100x80000000000000004278806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca9516db85d713c2022-01-04 14:19:03.962root 11241100x80000000000000004278807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a46c7abc8b6cc32022-01-04 14:19:03.962root 11241100x80000000000000004278808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c2162d23df5bf92022-01-04 14:19:03.963root 11241100x80000000000000004278809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc972e24074e0562022-01-04 14:19:03.963root 11241100x80000000000000004278810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893da47e77c16fe52022-01-04 14:19:03.963root 11241100x80000000000000004278811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fc36e4962b11892022-01-04 14:19:03.963root 11241100x80000000000000004278812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f1bb25674e1e7d2022-01-04 14:19:03.964root 11241100x80000000000000004278813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814d6919ad0ee02f2022-01-04 14:19:03.964root 11241100x80000000000000004278814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7ed5b9387af2f62022-01-04 14:19:03.964root 11241100x80000000000000004278815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac83e38a50e029672022-01-04 14:19:03.964root 11241100x80000000000000004278816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c731dd1ea12c19c62022-01-04 14:19:03.964root 11241100x80000000000000004278817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3ce5043bfae99a2022-01-04 14:19:03.964root 11241100x80000000000000004278818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567b2e4ac40492dc2022-01-04 14:19:03.964root 11241100x80000000000000004278819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b254cfe30235d2022-01-04 14:19:03.965root 11241100x80000000000000004278820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d093279b5cf32e5a2022-01-04 14:19:03.965root 11241100x80000000000000004278821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17672436cf0898a92022-01-04 14:19:03.965root 11241100x80000000000000004278822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c18743a687d02b2022-01-04 14:19:03.965root 11241100x80000000000000004278823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc56e6ff975d9162022-01-04 14:19:03.965root 11241100x80000000000000004278824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf33d293bfb792182022-01-04 14:19:03.965root 11241100x80000000000000004278825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056e97771fbe5ced2022-01-04 14:19:03.966root 11241100x80000000000000004278826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dc479ff61e5a442022-01-04 14:19:03.966root 11241100x80000000000000004278827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e7900a6a2ac2042022-01-04 14:19:03.966root 11241100x80000000000000004278828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bb2a93f0191d542022-01-04 14:19:03.966root 11241100x80000000000000004278829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e49ae7f45ed720f2022-01-04 14:19:03.966root 11241100x80000000000000004278830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:03.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b35003aee2482f2022-01-04 14:19:03.966root 23542300x80000000000000004278831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.133{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004278832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d28a5d8322636e12022-01-04 14:19:04.460root 11241100x80000000000000004278833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8f5af515a265082022-01-04 14:19:04.460root 11241100x80000000000000004278834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398e8fd23b6bdcba2022-01-04 14:19:04.460root 11241100x80000000000000004278835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428ccfc00432c3c72022-01-04 14:19:04.460root 11241100x80000000000000004278836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0034e4b8b13157ee2022-01-04 14:19:04.461root 11241100x80000000000000004278837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f30baf9338a37242022-01-04 14:19:04.461root 11241100x80000000000000004278838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e0695871faa8752022-01-04 14:19:04.461root 11241100x80000000000000004278839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a9d62603fb7fb82022-01-04 14:19:04.461root 11241100x80000000000000004278840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee74de491a46f732022-01-04 14:19:04.461root 11241100x80000000000000004278841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eea7f910423e4ad2022-01-04 14:19:04.462root 11241100x80000000000000004278842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b15d248bde06672022-01-04 14:19:04.462root 11241100x80000000000000004278843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7818878fdfd1896f2022-01-04 14:19:04.462root 11241100x80000000000000004278844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85d1c0213e349572022-01-04 14:19:04.462root 11241100x80000000000000004278845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff398096bcfed79b2022-01-04 14:19:04.463root 11241100x80000000000000004278846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dced314a4da03d382022-01-04 14:19:04.463root 11241100x80000000000000004278847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9b87e303abc99e2022-01-04 14:19:04.463root 11241100x80000000000000004278848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bd77941e5df43b2022-01-04 14:19:04.463root 11241100x80000000000000004278849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cc2b94584d4bd52022-01-04 14:19:04.463root 11241100x80000000000000004278850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec85d9a84b09bc752022-01-04 14:19:04.463root 11241100x80000000000000004278851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b653cbe67e3572022-01-04 14:19:04.463root 11241100x80000000000000004278852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1707864126cb002022-01-04 14:19:04.463root 11241100x80000000000000004278853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554c5c39427ede4b2022-01-04 14:19:04.463root 11241100x80000000000000004278854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388cf9043ce52bba2022-01-04 14:19:04.463root 11241100x80000000000000004278855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771548955e3b9ae32022-01-04 14:19:04.464root 11241100x80000000000000004278856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0158d38231d975ec2022-01-04 14:19:04.464root 11241100x80000000000000004278857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a26a233228b8fa2022-01-04 14:19:04.464root 11241100x80000000000000004278858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ced7e166bb2f8d52022-01-04 14:19:04.464root 11241100x80000000000000004278859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ec80c96db280472022-01-04 14:19:04.464root 11241100x80000000000000004278860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc433b08b6c0e3eb2022-01-04 14:19:04.464root 11241100x80000000000000004278861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bf799eaa2950062022-01-04 14:19:04.464root 11241100x80000000000000004278862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949d9c5e6f9b93d82022-01-04 14:19:04.465root 11241100x80000000000000004278863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996759c28096adaa2022-01-04 14:19:04.465root 11241100x80000000000000004278864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6e7c06e35e196c2022-01-04 14:19:04.465root 11241100x80000000000000004278865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8827c2e2ee385e392022-01-04 14:19:04.465root 11241100x80000000000000004278866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2108f358dbcd68ac2022-01-04 14:19:04.465root 11241100x80000000000000004278867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffd74da64e17a4c2022-01-04 14:19:04.465root 11241100x80000000000000004278868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dd27bf38b4564c2022-01-04 14:19:04.960root 11241100x80000000000000004278869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819c6606c5ce2db32022-01-04 14:19:04.960root 11241100x80000000000000004278870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e1a1c903dd66082022-01-04 14:19:04.960root 11241100x80000000000000004278871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c10f443625d4ae2022-01-04 14:19:04.960root 11241100x80000000000000004278872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c298260f1dcd08f62022-01-04 14:19:04.960root 11241100x80000000000000004278873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd4eff3f3297b202022-01-04 14:19:04.960root 11241100x80000000000000004278874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2f9c5cb28699aa2022-01-04 14:19:04.960root 11241100x80000000000000004278875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313cd86a53a207b12022-01-04 14:19:04.961root 11241100x80000000000000004278876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ecf8a782d6e7762022-01-04 14:19:04.961root 11241100x80000000000000004278877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ef5c21d690b1bc2022-01-04 14:19:04.961root 11241100x80000000000000004278878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae618044c16aef1f2022-01-04 14:19:04.961root 11241100x80000000000000004278879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3075db727e5d1bc22022-01-04 14:19:04.961root 11241100x80000000000000004278880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34633125af6d0e522022-01-04 14:19:04.961root 11241100x80000000000000004278881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ac0ca27ee492dc2022-01-04 14:19:04.961root 11241100x80000000000000004278882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b943533ce3937812022-01-04 14:19:04.961root 11241100x80000000000000004278883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2619c90d4aad772022-01-04 14:19:04.961root 11241100x80000000000000004278884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d329d9ae30ba4112022-01-04 14:19:04.961root 11241100x80000000000000004278885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f180ed3e5da65c02022-01-04 14:19:04.962root 11241100x80000000000000004278886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913299174785ca7c2022-01-04 14:19:04.962root 11241100x80000000000000004278887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28e8bc398ac3f732022-01-04 14:19:04.962root 11241100x80000000000000004278888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a084bfba5d0314062022-01-04 14:19:04.962root 11241100x80000000000000004278889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3557e6bcae732f42022-01-04 14:19:04.962root 11241100x80000000000000004278890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cc775c095efe982022-01-04 14:19:04.962root 11241100x80000000000000004278891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09977cf5080ee3872022-01-04 14:19:04.962root 11241100x80000000000000004278892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12201dfc34f267842022-01-04 14:19:04.962root 11241100x80000000000000004278893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7053bbfa7322af2022-01-04 14:19:04.962root 11241100x80000000000000004278894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee70aabdb5ac3022022-01-04 14:19:04.962root 11241100x80000000000000004278895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1f80c316492c22022-01-04 14:19:04.962root 11241100x80000000000000004278896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887be52f625d11462022-01-04 14:19:04.963root 11241100x80000000000000004278897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ab326c995891442022-01-04 14:19:04.963root 11241100x80000000000000004278898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2f469a83cd4282022-01-04 14:19:04.963root 11241100x80000000000000004278899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0657ba75a2af9b72022-01-04 14:19:04.963root 11241100x80000000000000004278900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:04.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f967f805480cb4602022-01-04 14:19:04.963root 11241100x80000000000000004278901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0248c6799b267fa2022-01-04 14:19:05.459root 11241100x80000000000000004278902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f7aa1678c587282022-01-04 14:19:05.460root 11241100x80000000000000004278903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2886403b70e3c72022-01-04 14:19:05.460root 11241100x80000000000000004278904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709981d6a43562b12022-01-04 14:19:05.460root 11241100x80000000000000004278905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1e281c9623f0eb2022-01-04 14:19:05.460root 11241100x80000000000000004278906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa958eb2c9875332022-01-04 14:19:05.460root 11241100x80000000000000004278907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a62497949d62472022-01-04 14:19:05.460root 11241100x80000000000000004278908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca928b23a2031a332022-01-04 14:19:05.460root 11241100x80000000000000004278909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cec195e080653472022-01-04 14:19:05.460root 11241100x80000000000000004278910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29cca663bd150482022-01-04 14:19:05.461root 11241100x80000000000000004278911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112c6fe29082b60a2022-01-04 14:19:05.461root 11241100x80000000000000004278912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dc303befac19a42022-01-04 14:19:05.461root 11241100x80000000000000004278913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b919bd76a4edcbfa2022-01-04 14:19:05.461root 11241100x80000000000000004278914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754994f4390496a92022-01-04 14:19:05.461root 11241100x80000000000000004278915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b10a3ba50b97162022-01-04 14:19:05.461root 11241100x80000000000000004278916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897a2fbb8ab607282022-01-04 14:19:05.461root 11241100x80000000000000004278917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b811b6754f22d2192022-01-04 14:19:05.461root 11241100x80000000000000004278918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed74ed29715c3f9a2022-01-04 14:19:05.461root 11241100x80000000000000004278919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6195c13bea52e5452022-01-04 14:19:05.461root 11241100x80000000000000004278920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc51eca7f5b0f5f2022-01-04 14:19:05.462root 11241100x80000000000000004278921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbe7d997b582ae92022-01-04 14:19:05.462root 11241100x80000000000000004278922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b2c7bdd8fb122b2022-01-04 14:19:05.462root 11241100x80000000000000004278923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f580eefedefeb772022-01-04 14:19:05.462root 11241100x80000000000000004278924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a90237b02915ba12022-01-04 14:19:05.462root 11241100x80000000000000004278925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6b9d039e0859bb2022-01-04 14:19:05.462root 11241100x80000000000000004278926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac98f97deabe29e2022-01-04 14:19:05.462root 11241100x80000000000000004278927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb5be5d9db74dd02022-01-04 14:19:05.462root 11241100x80000000000000004278928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8db4f26371a8bac2022-01-04 14:19:05.462root 11241100x80000000000000004278929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb35ce9221c8ae4f2022-01-04 14:19:05.462root 11241100x80000000000000004278930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27c015f1b9e355f2022-01-04 14:19:05.462root 11241100x80000000000000004278931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01319df1d5757a3a2022-01-04 14:19:05.463root 11241100x80000000000000004278932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa56986d140e5df2022-01-04 14:19:05.463root 11241100x80000000000000004278933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2978665b6d150f2f2022-01-04 14:19:05.463root 11241100x80000000000000004278934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c89d2fede2ca172022-01-04 14:19:05.463root 154100x80000000000000004278935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.841{ec2e79f3-5759-61d4-6804-38ce01560000}14879/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000004278936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.842{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd92a558d53c3842022-01-04 14:19:05.842root 11241100x80000000000000004278937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.842{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b0cf8f34d314d62022-01-04 14:19:05.842root 11241100x80000000000000004278938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.842{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071071cd4c06a5ef2022-01-04 14:19:05.842root 11241100x80000000000000004278939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b9805cabac4e3e2022-01-04 14:19:05.843root 11241100x80000000000000004278940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62aeeab6a6d381262022-01-04 14:19:05.843root 11241100x80000000000000004278941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdade244718a9c02022-01-04 14:19:05.843root 11241100x80000000000000004278942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fa7d5530dc751e2022-01-04 14:19:05.843root 11241100x80000000000000004278943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd006fba3c2c5ae22022-01-04 14:19:05.843root 11241100x80000000000000004278944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d20c563583ea4b2022-01-04 14:19:05.843root 11241100x80000000000000004278945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fb1c1a93d02cac2022-01-04 14:19:05.843root 11241100x80000000000000004278946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9153400a979889ed2022-01-04 14:19:05.843root 11241100x80000000000000004278947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c3efaac840efb12022-01-04 14:19:05.843root 11241100x80000000000000004278948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.843{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3f6e5293a03d892022-01-04 14:19:05.843root 11241100x80000000000000004278949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8177fcb69d4ded632022-01-04 14:19:05.844root 11241100x80000000000000004278950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ec120650e3344b2022-01-04 14:19:05.844root 11241100x80000000000000004278951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be72d4be7a8168f52022-01-04 14:19:05.844root 11241100x80000000000000004278952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8bfa0d64d3a8812022-01-04 14:19:05.844root 11241100x80000000000000004278953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7696de797f90b72022-01-04 14:19:05.844root 11241100x80000000000000004278954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.844{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08395b5a413e8b92022-01-04 14:19:05.844root 11241100x80000000000000004278955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429f4775af6130d22022-01-04 14:19:05.845root 11241100x80000000000000004278956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afe827f2d48f9072022-01-04 14:19:05.845root 11241100x80000000000000004278957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37764ab7d887aab22022-01-04 14:19:05.845root 11241100x80000000000000004278958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c1cda907ce5eee2022-01-04 14:19:05.845root 11241100x80000000000000004278959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6ab81a530117db2022-01-04 14:19:05.845root 11241100x80000000000000004278960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee73a00954cd0eed2022-01-04 14:19:05.845root 11241100x80000000000000004278961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.845{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fe66a9b75672c22022-01-04 14:19:05.845root 11241100x80000000000000004278962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5430678e05043162022-01-04 14:19:05.846root 11241100x80000000000000004278963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160d3f4ef5d796852022-01-04 14:19:05.846root 11241100x80000000000000004278964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a61ef9f3e403202022-01-04 14:19:05.846root 11241100x80000000000000004278965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f224b4d4f0894f852022-01-04 14:19:05.846root 11241100x80000000000000004278966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b026feaad5d9892022-01-04 14:19:05.846root 11241100x80000000000000004278967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.846{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7386233ce968cdc52022-01-04 14:19:05.846root 11241100x80000000000000004278968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.847{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19aa910c005482e02022-01-04 14:19:05.847root 11241100x80000000000000004278969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.849{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0720fc96b4564cdd2022-01-04 14:19:05.849root 534500x80000000000000004278970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:05.854{ec2e79f3-5759-61d4-6804-38ce01560000}14879/bin/psroot 354300x80000000000000004278971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.155{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse93.104.77.114-57674-false10.0.1.25-22- 11241100x80000000000000004278972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.155{ec2e79f3-575a-61d4-0000-000000000000}14880/usr/sbin/sshd/proc/14880/oom_score_adj2022-01-04 14:19:06.155root 154100x80000000000000004278973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.155{ec2e79f3-575a-61d4-e017-76fa68550000}14880/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 11241100x80000000000000004278974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a944cdbd7166c8a52022-01-04 14:19:06.156root 11241100x80000000000000004278975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68088dd92de2b0f12022-01-04 14:19:06.156root 11241100x80000000000000004278976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb309371f48fa44c2022-01-04 14:19:06.156root 11241100x80000000000000004278977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a5fa2523328cf32022-01-04 14:19:06.157root 11241100x80000000000000004278978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c75a27aac0b61632022-01-04 14:19:06.157root 11241100x80000000000000004278979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746a3be715f20e3a2022-01-04 14:19:06.157root 11241100x80000000000000004278980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad93121ecf8e92f92022-01-04 14:19:06.157root 11241100x80000000000000004278981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f44aab86fbff5c2022-01-04 14:19:06.157root 11241100x80000000000000004278982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc81cbf086bffad2022-01-04 14:19:06.157root 11241100x80000000000000004278983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9676abc50ffd692022-01-04 14:19:06.158root 11241100x80000000000000004278984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e533292af662b15d2022-01-04 14:19:06.158root 11241100x80000000000000004278985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed55c20ded63cc72022-01-04 14:19:06.158root 11241100x80000000000000004278986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c4935ccbec2b102022-01-04 14:19:06.158root 11241100x80000000000000004278987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cc7802eb8c40de2022-01-04 14:19:06.158root 11241100x80000000000000004278988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6f00b4bd804b342022-01-04 14:19:06.158root 11241100x80000000000000004278989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e56d45b77782be42022-01-04 14:19:06.158root 11241100x80000000000000004278990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99df4b24e6381d72022-01-04 14:19:06.158root 11241100x80000000000000004278991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a2bbb0b7f37e952022-01-04 14:19:06.158root 11241100x80000000000000004278992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.159{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d3ab6e7a004c0b2022-01-04 14:19:06.159root 11241100x80000000000000004278993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49791b8c8fcb3102022-01-04 14:19:06.160root 11241100x80000000000000004278994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9dc7d773f12d632022-01-04 14:19:06.160root 11241100x80000000000000004278995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3112d64badc2ba92022-01-04 14:19:06.160root 11241100x80000000000000004278996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdc0ea1de68353d2022-01-04 14:19:06.160root 11241100x80000000000000004278997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5307bd29650fe8372022-01-04 14:19:06.160root 11241100x80000000000000004278998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ae065c51ecf6132022-01-04 14:19:06.160root 11241100x80000000000000004278999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc0dd13cf6e25e92022-01-04 14:19:06.160root 11241100x80000000000000004279000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034ef53aa4360ee2022-01-04 14:19:06.160root 11241100x80000000000000004279001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6def2db81d0195322022-01-04 14:19:06.160root 11241100x80000000000000004279002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eb89b8edb3c3482022-01-04 14:19:06.162root 11241100x80000000000000004279003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f1b4efa1fd97182022-01-04 14:19:06.162root 11241100x80000000000000004279004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b173cf9f34fab2022-01-04 14:19:06.162root 11241100x80000000000000004279005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97907067c4fd2d332022-01-04 14:19:06.162root 11241100x80000000000000004279006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a532e7673d2c7e5b2022-01-04 14:19:06.162root 11241100x80000000000000004279007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ff84c70667f17f2022-01-04 14:19:06.162root 11241100x80000000000000004279008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0065766b8a7ca6b62022-01-04 14:19:06.162root 11241100x80000000000000004279009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53772bb28db842bd2022-01-04 14:19:06.162root 11241100x80000000000000004279010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbbe477f24bf33a2022-01-04 14:19:06.163root 11241100x80000000000000004279011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9103122b701bee092022-01-04 14:19:06.164root 11241100x80000000000000004279012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df54082cd9cc2d92022-01-04 14:19:06.164root 11241100x80000000000000004279013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd32950403e9c0322022-01-04 14:19:06.164root 11241100x80000000000000004279014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65839cbf42659b1f2022-01-04 14:19:06.164root 11241100x80000000000000004279015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e185cfb338ad6392022-01-04 14:19:06.164root 11241100x80000000000000004279016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aa091cde7db8b92022-01-04 14:19:06.164root 11241100x80000000000000004279017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51542823e9aacbb82022-01-04 14:19:06.164root 11241100x80000000000000004279018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b111c3edd08cee2022-01-04 14:19:06.165root 11241100x80000000000000004279019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fdea9716c17f122022-01-04 14:19:06.166root 11241100x80000000000000004279020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4018ca1b514e8aca2022-01-04 14:19:06.166root 11241100x80000000000000004279021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f463d1aa3514c0e2022-01-04 14:19:06.166root 11241100x80000000000000004279022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3256eb6fca126dd2022-01-04 14:19:06.166root 11241100x80000000000000004279023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341b6066a766e50b2022-01-04 14:19:06.166root 11241100x80000000000000004279024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b218b7195081b2022-01-04 14:19:06.166root 11241100x80000000000000004279025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46246a7742f9bf6f2022-01-04 14:19:06.167root 11241100x80000000000000004279026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7238bd552063138f2022-01-04 14:19:06.167root 11241100x80000000000000004279027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00a94a467c02e682022-01-04 14:19:06.167root 11241100x80000000000000004279028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc61c800f07edcee2022-01-04 14:19:06.167root 11241100x80000000000000004279029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.168{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ae0bf57ad751962022-01-04 14:19:06.168root 11241100x80000000000000004279030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478b5fa623f00d112022-01-04 14:19:06.169root 11241100x80000000000000004279031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3df8385f85cc452022-01-04 14:19:06.169root 11241100x80000000000000004279032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb155083b22781ab2022-01-04 14:19:06.169root 11241100x80000000000000004279033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb995980ad1c2bf42022-01-04 14:19:06.169root 11241100x80000000000000004279034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffef817a5a179c7b2022-01-04 14:19:06.169root 11241100x80000000000000004279035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e342612126dc7a2022-01-04 14:19:06.169root 11241100x80000000000000004279036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71a39963bbd7af92022-01-04 14:19:06.169root 11241100x80000000000000004279037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63b8a73234386442022-01-04 14:19:06.169root 11241100x80000000000000004279038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28fc52a360e40b82022-01-04 14:19:06.169root 11241100x80000000000000004279039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.170{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8867ca8e03515ef2022-01-04 14:19:06.170root 11241100x80000000000000004279040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015f25c5c324b89a2022-01-04 14:19:06.459root 11241100x80000000000000004279041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6ba2ced7fdb1682022-01-04 14:19:06.459root 11241100x80000000000000004279042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f969ff541873452022-01-04 14:19:06.459root 11241100x80000000000000004279043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66227f29c1a54a342022-01-04 14:19:06.459root 11241100x80000000000000004279044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c6d3590831e2b52022-01-04 14:19:06.459root 11241100x80000000000000004279045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ae9ebcbe041a382022-01-04 14:19:06.459root 11241100x80000000000000004279046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66480084e5843332022-01-04 14:19:06.460root 11241100x80000000000000004279047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8c838894f4ab252022-01-04 14:19:06.460root 11241100x80000000000000004279048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5800c092fe2dd1502022-01-04 14:19:06.460root 11241100x80000000000000004279049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764d2ef5d939a0602022-01-04 14:19:06.460root 11241100x80000000000000004279050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee461d4bd7beed12022-01-04 14:19:06.460root 11241100x80000000000000004279051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbd5c10dc3cb2b42022-01-04 14:19:06.460root 11241100x80000000000000004279052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1bf05cc7c88af42022-01-04 14:19:06.460root 11241100x80000000000000004279053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d787918ec9693e7e2022-01-04 14:19:06.460root 11241100x80000000000000004279054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce84e71c075259ab2022-01-04 14:19:06.460root 11241100x80000000000000004279055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35ab698db50db012022-01-04 14:19:06.460root 11241100x80000000000000004279056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554e35022723e0142022-01-04 14:19:06.460root 11241100x80000000000000004279057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c6e8943894a6702022-01-04 14:19:06.461root 11241100x80000000000000004279058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4119924b0e1c20222022-01-04 14:19:06.461root 11241100x80000000000000004279059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507aaf1b365a84a22022-01-04 14:19:06.461root 11241100x80000000000000004279060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442b038d9ba9e35a2022-01-04 14:19:06.461root 11241100x80000000000000004279061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad93efe4c9f1c062022-01-04 14:19:06.461root 11241100x80000000000000004279062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f3be5b717a0bea2022-01-04 14:19:06.461root 11241100x80000000000000004279063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94649aba275540a12022-01-04 14:19:06.461root 11241100x80000000000000004279064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b8d16aa81d1e522022-01-04 14:19:06.461root 11241100x80000000000000004279065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe5aa710db514162022-01-04 14:19:06.461root 11241100x80000000000000004279066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520acf667bd05caa2022-01-04 14:19:06.461root 11241100x80000000000000004279067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fab2ef100f87a82022-01-04 14:19:06.462root 11241100x80000000000000004279068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b29dade03ace8fe2022-01-04 14:19:06.462root 11241100x80000000000000004279069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2d37875246c2432022-01-04 14:19:06.462root 11241100x80000000000000004279070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef269f956bc8fbf2022-01-04 14:19:06.462root 11241100x80000000000000004279071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adaccd7505734112022-01-04 14:19:06.462root 11241100x80000000000000004279072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a01904100ed8c42022-01-04 14:19:06.462root 11241100x80000000000000004279073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56939b656c6969872022-01-04 14:19:06.462root 11241100x80000000000000004279074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1033863413cf71e92022-01-04 14:19:06.462root 11241100x80000000000000004279075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca1e5bd6cf3e05d2022-01-04 14:19:06.462root 11241100x80000000000000004279076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8d94be8a49052b2022-01-04 14:19:06.462root 11241100x80000000000000004279077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccbaa811a79c3e52022-01-04 14:19:06.462root 11241100x80000000000000004279078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa39216c486b96102022-01-04 14:19:06.462root 11241100x80000000000000004279079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3847b67b32f8ee2022-01-04 14:19:06.462root 11241100x80000000000000004279080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f037b922d2d011852022-01-04 14:19:06.463root 11241100x80000000000000004279081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b3f9e0646c38ed2022-01-04 14:19:06.463root 11241100x80000000000000004279082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9b59e20d2bb61e2022-01-04 14:19:06.463root 11241100x80000000000000004279083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d7bb0f0f6d3f792022-01-04 14:19:06.463root 11241100x80000000000000004279084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a5e0af958f549b2022-01-04 14:19:06.960root 11241100x80000000000000004279085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eca5287446f09df2022-01-04 14:19:06.960root 11241100x80000000000000004279086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de20b822a577be42022-01-04 14:19:06.960root 11241100x80000000000000004279087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd66fe189b08dde82022-01-04 14:19:06.960root 11241100x80000000000000004279088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec3649bc2f7d9a82022-01-04 14:19:06.960root 11241100x80000000000000004279089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e94e25b127ed962022-01-04 14:19:06.960root 11241100x80000000000000004279090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0002c13ae2a74d7a2022-01-04 14:19:06.960root 11241100x80000000000000004279091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317803c4f684c17f2022-01-04 14:19:06.960root 11241100x80000000000000004279092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c8931a61c1c7b72022-01-04 14:19:06.960root 11241100x80000000000000004279093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0a6cdfb514533a2022-01-04 14:19:06.960root 11241100x80000000000000004279094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d08ee4fcd84b602022-01-04 14:19:06.960root 11241100x80000000000000004279095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4cd116dcc40f152022-01-04 14:19:06.961root 11241100x80000000000000004279096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033becc6254cf7502022-01-04 14:19:06.961root 11241100x80000000000000004279097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb70a09f43292a12022-01-04 14:19:06.961root 11241100x80000000000000004279098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990cf4dd8123bbe42022-01-04 14:19:06.961root 11241100x80000000000000004279099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28bbf9f7e3ca5ed2022-01-04 14:19:06.961root 11241100x80000000000000004279100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce52a9f9bfff6ee2022-01-04 14:19:06.961root 11241100x80000000000000004279101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56403e98b90928ec2022-01-04 14:19:06.961root 11241100x80000000000000004279102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8554b5d3745ea8582022-01-04 14:19:06.961root 11241100x80000000000000004279103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabe9781f9bb49b12022-01-04 14:19:06.961root 11241100x80000000000000004279104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7293472e06cd4302022-01-04 14:19:06.961root 11241100x80000000000000004279105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a99c581f20f61a12022-01-04 14:19:06.961root 11241100x80000000000000004279106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa372eabc2d3ad22022-01-04 14:19:06.961root 11241100x80000000000000004279107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f394d46fac4fc2022-01-04 14:19:06.961root 11241100x80000000000000004279108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d500484a2aa32ef2022-01-04 14:19:06.961root 11241100x80000000000000004279109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616ae58d1385e4952022-01-04 14:19:06.962root 11241100x80000000000000004279110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c23378989a2c02e2022-01-04 14:19:06.962root 11241100x80000000000000004279111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfe58ff1f9063422022-01-04 14:19:06.962root 11241100x80000000000000004279112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42595c259e79b552022-01-04 14:19:06.962root 11241100x80000000000000004279113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774a418d21158c002022-01-04 14:19:06.962root 11241100x80000000000000004279114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7910d58b5ab144ca2022-01-04 14:19:06.962root 11241100x80000000000000004279115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f3e1ad2da5d27f2022-01-04 14:19:06.962root 11241100x80000000000000004279116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c70cd713b7909142022-01-04 14:19:06.962root 11241100x80000000000000004279117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a2ee14d5b0b68c2022-01-04 14:19:06.962root 11241100x80000000000000004279118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815bba33051dc0c12022-01-04 14:19:06.962root 11241100x80000000000000004279119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f72a70844a5eb62022-01-04 14:19:06.962root 11241100x80000000000000004279120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833e58b31611db732022-01-04 14:19:06.962root 11241100x80000000000000004279121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360a6ddaa969e1892022-01-04 14:19:06.962root 11241100x80000000000000004279122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cac7eb93805f122022-01-04 14:19:06.962root 11241100x80000000000000004279123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b7e42df5c6ae982022-01-04 14:19:07.459root 11241100x80000000000000004279124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05eeba4a632844a2022-01-04 14:19:07.460root 11241100x80000000000000004279125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ea980382af4e9a2022-01-04 14:19:07.460root 11241100x80000000000000004279126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df378ef28b28fe042022-01-04 14:19:07.460root 11241100x80000000000000004279127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd249e48eceb3062022-01-04 14:19:07.460root 11241100x80000000000000004279128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a05d03ab3ac26d2022-01-04 14:19:07.460root 11241100x80000000000000004279129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e41097acfce0932022-01-04 14:19:07.461root 11241100x80000000000000004279130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b336981c690fe0d2022-01-04 14:19:07.461root 11241100x80000000000000004279131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c97bee4ceae6842022-01-04 14:19:07.461root 11241100x80000000000000004279132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552f2b83c6eecfb12022-01-04 14:19:07.461root 11241100x80000000000000004279133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92a969c018d1fb32022-01-04 14:19:07.461root 11241100x80000000000000004279134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979e7153b567992e2022-01-04 14:19:07.462root 11241100x80000000000000004279135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4c9e606e2b1cb72022-01-04 14:19:07.462root 11241100x80000000000000004279136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb66ddfada11bc722022-01-04 14:19:07.462root 11241100x80000000000000004279137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc95195dc966897a2022-01-04 14:19:07.462root 11241100x80000000000000004279138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6abe46b036dc9ab2022-01-04 14:19:07.462root 11241100x80000000000000004279139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b22b7a97fb1ba292022-01-04 14:19:07.462root 11241100x80000000000000004279140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5911a50501877a0a2022-01-04 14:19:07.463root 11241100x80000000000000004279141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d6231060f5831c2022-01-04 14:19:07.463root 11241100x80000000000000004279142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d519cd8bd63a682022-01-04 14:19:07.463root 11241100x80000000000000004279143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b9f3f5e6d954502022-01-04 14:19:07.463root 11241100x80000000000000004279144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa35505c28d7be912022-01-04 14:19:07.463root 11241100x80000000000000004279145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2cd3456bed20ce2022-01-04 14:19:07.463root 11241100x80000000000000004279146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30af65ee8ce71d652022-01-04 14:19:07.464root 11241100x80000000000000004279147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34f94292accee072022-01-04 14:19:07.464root 11241100x80000000000000004279148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496e5bd096d27aa22022-01-04 14:19:07.464root 11241100x80000000000000004279149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5bd783ab06a50e2022-01-04 14:19:07.464root 11241100x80000000000000004279150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2aff6ac913bddd2022-01-04 14:19:07.464root 11241100x80000000000000004279151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f10e39c0e551a1b2022-01-04 14:19:07.465root 11241100x80000000000000004279152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b1af0df85a5da72022-01-04 14:19:07.465root 11241100x80000000000000004279153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33961cabdda8d94a2022-01-04 14:19:07.465root 11241100x80000000000000004279154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2ebd2e6b37bfef2022-01-04 14:19:07.465root 11241100x80000000000000004279155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a8040d11e805b22022-01-04 14:19:07.465root 11241100x80000000000000004279156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934b2346e1229ef22022-01-04 14:19:07.465root 11241100x80000000000000004279157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75a33bc5b4409762022-01-04 14:19:07.465root 11241100x80000000000000004279158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299396ba5110ce6d2022-01-04 14:19:07.465root 11241100x80000000000000004279159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621acf8fa23a569a2022-01-04 14:19:07.465root 11241100x80000000000000004279160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e85fe92da2eacf2022-01-04 14:19:07.465root 11241100x80000000000000004279161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7772e9b9bd6cc2472022-01-04 14:19:07.465root 11241100x80000000000000004279162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284066da18135a912022-01-04 14:19:07.465root 11241100x80000000000000004279163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dd2e08990a7e042022-01-04 14:19:07.465root 11241100x80000000000000004279164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc131798399cd1a2022-01-04 14:19:07.465root 11241100x80000000000000004279165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dcad0a57f24e8d2022-01-04 14:19:07.959root 11241100x80000000000000004279166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658fa93a2cffdde32022-01-04 14:19:07.959root 11241100x80000000000000004279167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e9f259605748462022-01-04 14:19:07.960root 11241100x80000000000000004279168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f1da2bae20429e2022-01-04 14:19:07.960root 11241100x80000000000000004279169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b579366d4cc82fa42022-01-04 14:19:07.960root 11241100x80000000000000004279170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3d212ff55643702022-01-04 14:19:07.960root 11241100x80000000000000004279171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2253c153db3c24a12022-01-04 14:19:07.960root 11241100x80000000000000004279172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cb5288a2d197ba2022-01-04 14:19:07.960root 11241100x80000000000000004279173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2a3cdf1ede86712022-01-04 14:19:07.960root 11241100x80000000000000004279174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441bd2a4a959333b2022-01-04 14:19:07.960root 11241100x80000000000000004279175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c0374bd6ca0f652022-01-04 14:19:07.960root 11241100x80000000000000004279176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0679cd985c9fe1af2022-01-04 14:19:07.961root 11241100x80000000000000004279177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e792eb2b2b2ecfdc2022-01-04 14:19:07.961root 11241100x80000000000000004279178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fcd78c4d0dad612022-01-04 14:19:07.961root 11241100x80000000000000004279179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b0d485c0d424572022-01-04 14:19:07.961root 11241100x80000000000000004279180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f953314974fcd82022-01-04 14:19:07.962root 11241100x80000000000000004279181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cfae1b3c17a16f2022-01-04 14:19:07.962root 11241100x80000000000000004279182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd13ac8e26bf8a2022-01-04 14:19:07.962root 11241100x80000000000000004279183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a183c47585177d62022-01-04 14:19:07.962root 11241100x80000000000000004279184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b929f6a04d76eb2022-01-04 14:19:07.962root 11241100x80000000000000004279185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09860dead074dcb82022-01-04 14:19:07.962root 11241100x80000000000000004279186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8865bd6d46a7d22022-01-04 14:19:07.962root 11241100x80000000000000004279187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a12fda4819a1272022-01-04 14:19:07.962root 11241100x80000000000000004279188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdd371413d158c52022-01-04 14:19:07.962root 11241100x80000000000000004279189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69a363503688cf2022-01-04 14:19:07.962root 11241100x80000000000000004279190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaef88fb04c22bbe2022-01-04 14:19:07.962root 11241100x80000000000000004279191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1c698a3539e1bd2022-01-04 14:19:07.963root 11241100x80000000000000004279192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe12bcb21b3ae322022-01-04 14:19:07.963root 11241100x80000000000000004279193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf89af9a37038d2c2022-01-04 14:19:07.963root 11241100x80000000000000004279194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de629b5377a122a2022-01-04 14:19:07.963root 11241100x80000000000000004279195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf5e6d85347e5292022-01-04 14:19:07.963root 11241100x80000000000000004279196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e288815f14f907a92022-01-04 14:19:07.964root 11241100x80000000000000004279197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ca75efcd83e4842022-01-04 14:19:07.964root 11241100x80000000000000004279198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b79599e4938b2102022-01-04 14:19:07.964root 11241100x80000000000000004279199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b38b354913ed572022-01-04 14:19:07.964root 11241100x80000000000000004279200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0cab8920aa27542022-01-04 14:19:07.964root 11241100x80000000000000004279201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3142507118fdbe2022-01-04 14:19:07.965root 11241100x80000000000000004279202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b66377d47f512f2022-01-04 14:19:07.965root 11241100x80000000000000004279203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5afb6af8882cea42022-01-04 14:19:07.965root 11241100x80000000000000004279204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e8b83d3b2ad0e62022-01-04 14:19:07.965root 11241100x80000000000000004279205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb68636febca18f2022-01-04 14:19:07.965root 11241100x80000000000000004279206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2219eca59d553fb2022-01-04 14:19:07.965root 11241100x80000000000000004279207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf9f6bb20e193942022-01-04 14:19:07.965root 11241100x80000000000000004279208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09901b145b451412022-01-04 14:19:07.966root 11241100x80000000000000004279209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:07.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d5b6cead0d699e2022-01-04 14:19:07.966root 11241100x80000000000000004279210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccd0ff0c3b673f12022-01-04 14:19:08.459root 11241100x80000000000000004279211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70833f7948d7ad922022-01-04 14:19:08.459root 11241100x80000000000000004279212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7583f21ebcd2962022-01-04 14:19:08.459root 11241100x80000000000000004279213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7122443fb2cb93f12022-01-04 14:19:08.460root 11241100x80000000000000004279214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf53edcb5b361f02022-01-04 14:19:08.460root 11241100x80000000000000004279215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7141f565d40888352022-01-04 14:19:08.460root 11241100x80000000000000004279216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8150fd44742560e2022-01-04 14:19:08.460root 11241100x80000000000000004279217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec989d70889eadf2022-01-04 14:19:08.460root 11241100x80000000000000004279218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32acdc8b0971b9942022-01-04 14:19:08.460root 11241100x80000000000000004279219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c9b73a0fdb19d32022-01-04 14:19:08.460root 11241100x80000000000000004279220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e000742e71f11e152022-01-04 14:19:08.460root 11241100x80000000000000004279221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea6af583709f2092022-01-04 14:19:08.460root 11241100x80000000000000004279222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7677643f9c0cd3f32022-01-04 14:19:08.460root 11241100x80000000000000004279223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6299603a90703002022-01-04 14:19:08.460root 11241100x80000000000000004279224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144d98f299dc7f492022-01-04 14:19:08.460root 11241100x80000000000000004279225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696514f4b0b6788c2022-01-04 14:19:08.461root 11241100x80000000000000004279226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a1dea64d46a4ee2022-01-04 14:19:08.461root 11241100x80000000000000004279227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6311d6023c24832022-01-04 14:19:08.461root 11241100x80000000000000004279228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6c09367e98dab82022-01-04 14:19:08.461root 11241100x80000000000000004279229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf9da39915cb55a2022-01-04 14:19:08.461root 11241100x80000000000000004279230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38eb2b5f4e2ccb4f2022-01-04 14:19:08.461root 11241100x80000000000000004279231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c4064f47384a6e2022-01-04 14:19:08.461root 11241100x80000000000000004279232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55080a1d842030d2022-01-04 14:19:08.461root 11241100x80000000000000004279233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8826e1569102d9b32022-01-04 14:19:08.461root 11241100x80000000000000004279234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d203736c7877a962022-01-04 14:19:08.461root 11241100x80000000000000004279235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f3b60c0eb054542022-01-04 14:19:08.461root 11241100x80000000000000004279236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bff1c5bd9f45cd2022-01-04 14:19:08.461root 11241100x80000000000000004279237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39415794010e09662022-01-04 14:19:08.461root 11241100x80000000000000004279238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196089b5f704b0d32022-01-04 14:19:08.462root 11241100x80000000000000004279239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d8077c74646ae92022-01-04 14:19:08.462root 11241100x80000000000000004279240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0a4e7110bfdf7a2022-01-04 14:19:08.462root 11241100x80000000000000004279241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65c469321ddc55d2022-01-04 14:19:08.462root 11241100x80000000000000004279242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e91dc0a6bdd3ff2022-01-04 14:19:08.462root 11241100x80000000000000004279243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5fd1972ae59efd2022-01-04 14:19:08.463root 11241100x80000000000000004279244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835759a513a46db22022-01-04 14:19:08.463root 11241100x80000000000000004279245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0487bdc60d1d1db52022-01-04 14:19:08.463root 11241100x80000000000000004279246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a31203c604d8de92022-01-04 14:19:08.465root 11241100x80000000000000004279247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96a4ebe46b4513c2022-01-04 14:19:08.465root 11241100x80000000000000004279248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7970fac8ba94eb2022-01-04 14:19:08.465root 11241100x80000000000000004279249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc6927e9e01065f2022-01-04 14:19:08.465root 11241100x80000000000000004279250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd9cff62d2204692022-01-04 14:19:08.465root 11241100x80000000000000004279251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba40d341a4a04af02022-01-04 14:19:08.466root 11241100x80000000000000004279252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d796b2e86bd9b1ea2022-01-04 14:19:08.466root 11241100x80000000000000004279253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3cabf54fb888792022-01-04 14:19:08.466root 11241100x80000000000000004279254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcee8061e47cdac2022-01-04 14:19:08.466root 11241100x80000000000000004279255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe38fe05aacb8b6a2022-01-04 14:19:08.466root 11241100x80000000000000004279256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f02e089856dd052022-01-04 14:19:08.466root 11241100x80000000000000004279257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10c4b3c1742987f2022-01-04 14:19:08.959root 11241100x80000000000000004279258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670dddbc833bb85f2022-01-04 14:19:08.959root 11241100x80000000000000004279259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5616a2ee9aef8f2022-01-04 14:19:08.959root 11241100x80000000000000004279260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e27750a4bc9ee02022-01-04 14:19:08.959root 11241100x80000000000000004279261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43730e464c59b622022-01-04 14:19:08.959root 11241100x80000000000000004279262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a570cfb8bff685c2022-01-04 14:19:08.960root 11241100x80000000000000004279263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fb411e55348ef82022-01-04 14:19:08.960root 11241100x80000000000000004279264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac7920e4fc8d81c2022-01-04 14:19:08.960root 11241100x80000000000000004279265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c03425c9c8121062022-01-04 14:19:08.960root 11241100x80000000000000004279266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334893f64648b9292022-01-04 14:19:08.960root 11241100x80000000000000004279267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b31e775fc021fa2022-01-04 14:19:08.960root 11241100x80000000000000004279268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4579b1932dedd6e22022-01-04 14:19:08.960root 11241100x80000000000000004279269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1048f4f89c74a1d22022-01-04 14:19:08.960root 11241100x80000000000000004279270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bf882a0fc3e2862022-01-04 14:19:08.960root 11241100x80000000000000004279271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e02c04ecec048ad2022-01-04 14:19:08.960root 11241100x80000000000000004279272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b87e57b6165e112022-01-04 14:19:08.960root 11241100x80000000000000004279273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b57c36b254459a32022-01-04 14:19:08.960root 11241100x80000000000000004279274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59434f958df42fba2022-01-04 14:19:08.960root 11241100x80000000000000004279275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163b626536d850dd2022-01-04 14:19:08.961root 11241100x80000000000000004279276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a0616626978aef2022-01-04 14:19:08.961root 11241100x80000000000000004279277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4573807877ae0a32022-01-04 14:19:08.961root 11241100x80000000000000004279278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadf10a14e9d49bf2022-01-04 14:19:08.961root 11241100x80000000000000004279279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160f3f1c35bec9712022-01-04 14:19:08.961root 11241100x80000000000000004279280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1043f3a71a7fbb332022-01-04 14:19:08.961root 11241100x80000000000000004279281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe15aa232e57f6f2022-01-04 14:19:08.961root 11241100x80000000000000004279282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76031e86780497622022-01-04 14:19:08.961root 11241100x80000000000000004279283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda60888e013725f2022-01-04 14:19:08.961root 11241100x80000000000000004279284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc69689f33d51872022-01-04 14:19:08.961root 11241100x80000000000000004279285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f65ec0093793142022-01-04 14:19:08.961root 11241100x80000000000000004279286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c557e49fc615702022-01-04 14:19:08.961root 11241100x80000000000000004279287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1f4341ae9639592022-01-04 14:19:08.961root 11241100x80000000000000004279288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0505224ca0b97fa42022-01-04 14:19:08.961root 11241100x80000000000000004279289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6e0581ed32ca7f2022-01-04 14:19:08.961root 11241100x80000000000000004279290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ee3902a27f0a752022-01-04 14:19:08.962root 11241100x80000000000000004279291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8bb487492b13032022-01-04 14:19:08.962root 11241100x80000000000000004279292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860f00e031b58f7a2022-01-04 14:19:08.962root 11241100x80000000000000004279293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29f87c0901f95e62022-01-04 14:19:08.962root 11241100x80000000000000004279294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c6fbeec1f0e3202022-01-04 14:19:08.962root 11241100x80000000000000004279295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a941a071871f3182022-01-04 14:19:08.962root 11241100x80000000000000004279296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e045c2f546ee8a2022-01-04 14:19:08.962root 11241100x80000000000000004279297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1e1e863d02d0862022-01-04 14:19:08.962root 11241100x80000000000000004279298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e74dbaa4a99a2f2022-01-04 14:19:08.962root 11241100x80000000000000004279299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf1a82604ee945e2022-01-04 14:19:08.962root 11241100x80000000000000004279300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5c3afda4fff0982022-01-04 14:19:08.962root 11241100x80000000000000004279301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f474a8a5fb9b2b2022-01-04 14:19:08.962root 11241100x80000000000000004279302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c8fe9e2df9b6cf2022-01-04 14:19:08.962root 11241100x80000000000000004279303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e331aac6cf3a3e2022-01-04 14:19:08.962root 11241100x80000000000000004279304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ca2353b47ce0232022-01-04 14:19:08.962root 11241100x80000000000000004279305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07efd1980991a09d2022-01-04 14:19:08.963root 11241100x80000000000000004279306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9807cfc0c58262022-01-04 14:19:08.963root 11241100x80000000000000004279307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e75169a13f50f02022-01-04 14:19:08.963root 11241100x80000000000000004279308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cdcdfc2d010fda2022-01-04 14:19:08.963root 11241100x80000000000000004279309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e861117d9d8257ed2022-01-04 14:19:08.963root 11241100x80000000000000004279310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54789bb0b88765cb2022-01-04 14:19:08.963root 11241100x80000000000000004279311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01801a275e6607f2022-01-04 14:19:08.964root 11241100x80000000000000004279312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06932038a532ed3b2022-01-04 14:19:08.964root 11241100x80000000000000004279313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dca4be74f4edba2022-01-04 14:19:08.964root 11241100x80000000000000004279314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff66c4bd288425ff2022-01-04 14:19:08.964root 11241100x80000000000000004279315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc64b6b262f6517a2022-01-04 14:19:08.964root 11241100x80000000000000004279316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883d2981d53935d82022-01-04 14:19:08.964root 11241100x80000000000000004279317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208a0f684e54d61b2022-01-04 14:19:08.964root 11241100x80000000000000004279318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c96d510ed084d22022-01-04 14:19:08.964root 11241100x80000000000000004279319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e2407d1700585b2022-01-04 14:19:08.964root 11241100x80000000000000004279320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee3539f5df177732022-01-04 14:19:08.965root 11241100x80000000000000004279321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625dfe0ca2dd42ed2022-01-04 14:19:08.965root 11241100x80000000000000004279322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea0d01c2a31f8ca2022-01-04 14:19:08.965root 11241100x80000000000000004279323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ae13a8dc26135e2022-01-04 14:19:08.965root 11241100x80000000000000004279324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefd3844a99ffe882022-01-04 14:19:08.965root 11241100x80000000000000004279325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e640255d264798542022-01-04 14:19:08.965root 11241100x80000000000000004279326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bfb38dbac56f6b2022-01-04 14:19:08.965root 11241100x80000000000000004279327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288cb7f539ac39ce2022-01-04 14:19:08.965root 11241100x80000000000000004279328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d72e0f6af9bd8c82022-01-04 14:19:08.966root 11241100x80000000000000004279329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29d3e5e1b6d85972022-01-04 14:19:08.966root 11241100x80000000000000004279330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250a501940e5320d2022-01-04 14:19:08.967root 11241100x80000000000000004279331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7254c35accc225032022-01-04 14:19:08.967root 11241100x80000000000000004279332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec77b4d1bf5b0f9b2022-01-04 14:19:08.967root 11241100x80000000000000004279333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ee7404b9888c262022-01-04 14:19:08.967root 11241100x80000000000000004279334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a669145be73a89782022-01-04 14:19:08.967root 11241100x80000000000000004279335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af317ac9bc8649092022-01-04 14:19:08.967root 11241100x80000000000000004279336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3974ad2931ecd422022-01-04 14:19:08.967root 11241100x80000000000000004279337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b08798013f68052022-01-04 14:19:08.967root 11241100x80000000000000004279338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288f3c59143870912022-01-04 14:19:08.967root 11241100x80000000000000004279339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264811f2b03834442022-01-04 14:19:08.967root 11241100x80000000000000004279340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63b56532647bbf92022-01-04 14:19:08.967root 11241100x80000000000000004279341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ada06bf50b8d232022-01-04 14:19:08.968root 11241100x80000000000000004279342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e1c61dc0d97ba42022-01-04 14:19:08.968root 11241100x80000000000000004279343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973094a005f151882022-01-04 14:19:08.968root 11241100x80000000000000004279344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75a1992d5a94c9a2022-01-04 14:19:08.968root 11241100x80000000000000004279345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9263d25f14f6dfc2022-01-04 14:19:08.968root 11241100x80000000000000004279346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f632fa780b2713552022-01-04 14:19:08.968root 11241100x80000000000000004279347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6118b799e95e82222022-01-04 14:19:08.968root 11241100x80000000000000004279348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f678b3be358c9ff32022-01-04 14:19:08.968root 11241100x80000000000000004279349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fb8bd89aba46ef2022-01-04 14:19:08.968root 11241100x80000000000000004279350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cb1b282e4811db2022-01-04 14:19:08.968root 11241100x80000000000000004279351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dd5db436b42dac2022-01-04 14:19:08.968root 11241100x80000000000000004279352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9432d02a26af2572022-01-04 14:19:08.968root 11241100x80000000000000004279353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3fcb59e3ba01432022-01-04 14:19:08.971root 11241100x80000000000000004279354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3a60f0e18d8a772022-01-04 14:19:08.971root 11241100x80000000000000004279355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7b38b768e824092022-01-04 14:19:08.971root 11241100x80000000000000004279356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a0be5da869a3e32022-01-04 14:19:08.972root 11241100x80000000000000004279357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c96d0218f2d6aec2022-01-04 14:19:08.972root 11241100x80000000000000004279358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bfe3e3abf58c532022-01-04 14:19:08.972root 11241100x80000000000000004279359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2db0977f68fb9362022-01-04 14:19:08.972root 11241100x80000000000000004279360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e88bae2444af882022-01-04 14:19:08.972root 11241100x80000000000000004279361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c1f72aca6306ca2022-01-04 14:19:08.972root 11241100x80000000000000004279362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d1238b39b6edc72022-01-04 14:19:08.972root 11241100x80000000000000004279363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d906377b823f2302022-01-04 14:19:08.972root 11241100x80000000000000004279364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d57f950bf3a9b92022-01-04 14:19:08.972root 11241100x80000000000000004279365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1e5b9942751b2f2022-01-04 14:19:08.972root 11241100x80000000000000004279366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da6f3f8d7d26fde2022-01-04 14:19:08.972root 11241100x80000000000000004279367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13d766a8e8f6b182022-01-04 14:19:08.972root 11241100x80000000000000004279368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0fd93b8f6d5e502022-01-04 14:19:08.973root 11241100x80000000000000004279369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe78381c4529d192022-01-04 14:19:08.973root 11241100x80000000000000004279370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59842bc1ef61f4822022-01-04 14:19:08.973root 11241100x80000000000000004279371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c2d450630096aa2022-01-04 14:19:08.973root 11241100x80000000000000004279372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecaa7d6f0fc28772022-01-04 14:19:08.973root 11241100x80000000000000004279373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a74975007461012022-01-04 14:19:08.973root 11241100x80000000000000004279374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ae791cc57bca912022-01-04 14:19:08.973root 11241100x80000000000000004279375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2a1038312d01c92022-01-04 14:19:08.973root 11241100x80000000000000004279376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a90d8cd3d6157b2022-01-04 14:19:08.973root 11241100x80000000000000004279377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff4785ddf1f3a232022-01-04 14:19:08.973root 11241100x80000000000000004279378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983902b2e3e63e252022-01-04 14:19:08.973root 11241100x80000000000000004279379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc6fd250bc98252022-01-04 14:19:08.973root 11241100x80000000000000004279380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099082da33be71e72022-01-04 14:19:08.974root 11241100x80000000000000004279381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765a2fdf629aedf12022-01-04 14:19:08.974root 11241100x80000000000000004279382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e5cd7471a31f922022-01-04 14:19:08.974root 11241100x80000000000000004279383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fafb657e176bbd2022-01-04 14:19:08.974root 11241100x80000000000000004279384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9bc825f956a5462022-01-04 14:19:08.974root 11241100x80000000000000004279385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c931cd600261ff2022-01-04 14:19:08.974root 11241100x80000000000000004279386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e873c7cf65caca652022-01-04 14:19:08.974root 11241100x80000000000000004279387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c162e74b6e020302022-01-04 14:19:08.974root 11241100x80000000000000004279388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a82ea30dacb4f192022-01-04 14:19:08.974root 11241100x80000000000000004279389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e45bd3ba5e3c1282022-01-04 14:19:08.974root 11241100x80000000000000004279390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:08.975{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e56da89a1ef49fb2022-01-04 14:19:08.975root 354300x80000000000000004279391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.040{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41518-false10.0.1.12-8000- 11241100x80000000000000004279392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4812616df11cd5ce2022-01-04 14:19:09.460root 11241100x80000000000000004279393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88550276eee94d5e2022-01-04 14:19:09.460root 11241100x80000000000000004279394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e08c639bf4f75a2022-01-04 14:19:09.460root 11241100x80000000000000004279395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16460979e3c309a2022-01-04 14:19:09.460root 11241100x80000000000000004279396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2ed22df0a7c0872022-01-04 14:19:09.461root 11241100x80000000000000004279397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7cd12ed5972d372022-01-04 14:19:09.461root 11241100x80000000000000004279398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2214997c889782812022-01-04 14:19:09.461root 11241100x80000000000000004279399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826273c0ee49f8f32022-01-04 14:19:09.461root 11241100x80000000000000004279400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17506cb1ad6e8b62022-01-04 14:19:09.461root 11241100x80000000000000004279401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b0483bbc6afde52022-01-04 14:19:09.461root 11241100x80000000000000004279402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65f4a0422dc25fb2022-01-04 14:19:09.461root 11241100x80000000000000004279403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c2a3d75fa3d6ab2022-01-04 14:19:09.461root 11241100x80000000000000004279404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacf6943549ea2e22022-01-04 14:19:09.462root 11241100x80000000000000004279405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272c0d7d9d30155f2022-01-04 14:19:09.462root 11241100x80000000000000004279406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cc3546d2b34e9e2022-01-04 14:19:09.462root 11241100x80000000000000004279407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca2ad956517fa5b2022-01-04 14:19:09.462root 11241100x80000000000000004279408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b92755736ea1b72022-01-04 14:19:09.462root 11241100x80000000000000004279409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47600bfbc8e43622022-01-04 14:19:09.462root 11241100x80000000000000004279410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b7a17a6af179e12022-01-04 14:19:09.462root 11241100x80000000000000004279411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4419b9068a98dc612022-01-04 14:19:09.462root 11241100x80000000000000004279412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc70ee74eed77392022-01-04 14:19:09.462root 11241100x80000000000000004279413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec96968e4f3e67862022-01-04 14:19:09.462root 11241100x80000000000000004279414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625f6a1bbc9dee6c2022-01-04 14:19:09.463root 11241100x80000000000000004279415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0903a38844fd12f92022-01-04 14:19:09.463root 11241100x80000000000000004279416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9b36af202228202022-01-04 14:19:09.463root 11241100x80000000000000004279417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23ddb5e5c6b64202022-01-04 14:19:09.463root 11241100x80000000000000004279418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9ad41338a2d3682022-01-04 14:19:09.463root 11241100x80000000000000004279419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70aea444bbf07b82022-01-04 14:19:09.463root 11241100x80000000000000004279420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a619bafe3b6697da2022-01-04 14:19:09.463root 11241100x80000000000000004279421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6384a5e6260fa42022-01-04 14:19:09.463root 11241100x80000000000000004279422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c6250a70a3ab542022-01-04 14:19:09.463root 11241100x80000000000000004279423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc1155f5f28d7782022-01-04 14:19:09.463root 11241100x80000000000000004279424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72acbf4b2a910d222022-01-04 14:19:09.464root 11241100x80000000000000004279425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743c625d18418e212022-01-04 14:19:09.464root 11241100x80000000000000004279426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928f7994f413b73e2022-01-04 14:19:09.464root 11241100x80000000000000004279427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31134a5fc9909a092022-01-04 14:19:09.464root 11241100x80000000000000004279428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29f0ac27e89e1f82022-01-04 14:19:09.464root 11241100x80000000000000004279429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b5faf31da6567f2022-01-04 14:19:09.464root 11241100x80000000000000004279430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2510b248bcc479e82022-01-04 14:19:09.464root 11241100x80000000000000004279431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be025834f7bc4182022-01-04 14:19:09.464root 11241100x80000000000000004279432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196fddf122ac5b8c2022-01-04 14:19:09.464root 11241100x80000000000000004279433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656bd5173c41de0c2022-01-04 14:19:09.464root 11241100x80000000000000004279434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed52660dec405df02022-01-04 14:19:09.959root 11241100x80000000000000004279435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43a21b8353f47742022-01-04 14:19:09.959root 11241100x80000000000000004279436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddaf7b2e6e09aad2022-01-04 14:19:09.959root 11241100x80000000000000004279437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c74236e2902bc2022-01-04 14:19:09.959root 11241100x80000000000000004279438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf00c97e91c007d2022-01-04 14:19:09.959root 11241100x80000000000000004279439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2993f0e2e31c622022-01-04 14:19:09.960root 11241100x80000000000000004279440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a783fa01bcbd2f2022-01-04 14:19:09.960root 11241100x80000000000000004279441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0c94f06b3941312022-01-04 14:19:09.960root 11241100x80000000000000004279442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417c52be4ecb6f6a2022-01-04 14:19:09.960root 11241100x80000000000000004279443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f1bb683b4b8f5e2022-01-04 14:19:09.961root 11241100x80000000000000004279444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f53047c7fb822202022-01-04 14:19:09.961root 11241100x80000000000000004279445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2a2b26d0c05a202022-01-04 14:19:09.961root 11241100x80000000000000004279446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654e864386e56c562022-01-04 14:19:09.961root 11241100x80000000000000004279447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3850a2c2f701d5532022-01-04 14:19:09.961root 11241100x80000000000000004279448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5656ffe121756f942022-01-04 14:19:09.961root 11241100x80000000000000004279449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f63afc52b058052022-01-04 14:19:09.962root 11241100x80000000000000004279450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195765fe8e8db28d2022-01-04 14:19:09.962root 11241100x80000000000000004279451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf3f1c5cba46b522022-01-04 14:19:09.962root 11241100x80000000000000004279452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1361f183ea2db35b2022-01-04 14:19:09.962root 11241100x80000000000000004279453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05f3b914aecddb62022-01-04 14:19:09.962root 11241100x80000000000000004279454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d51ad9a13e5fc2022-01-04 14:19:09.962root 11241100x80000000000000004279455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffdb5188fa5cc092022-01-04 14:19:09.962root 11241100x80000000000000004279456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8478d8b7379cbc2022-01-04 14:19:09.962root 11241100x80000000000000004279457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2861c75dcd831c972022-01-04 14:19:09.962root 11241100x80000000000000004279458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54659b05a4d4c5772022-01-04 14:19:09.962root 11241100x80000000000000004279459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da92fb488dfd7832022-01-04 14:19:09.963root 11241100x80000000000000004279460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa2dc3bf9c8bbbc2022-01-04 14:19:09.963root 11241100x80000000000000004279461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2b3e2731a834502022-01-04 14:19:09.963root 11241100x80000000000000004279462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c196782819dde02022-01-04 14:19:09.963root 11241100x80000000000000004279463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ba5b3801bb6c112022-01-04 14:19:09.963root 11241100x80000000000000004279464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83cae2ae97eb7f52022-01-04 14:19:09.963root 11241100x80000000000000004279465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdff2e1dd6a4d81f2022-01-04 14:19:09.963root 11241100x80000000000000004279466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86720b868ecbaa422022-01-04 14:19:09.963root 11241100x80000000000000004279467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8df272704aef5832022-01-04 14:19:09.963root 11241100x80000000000000004279468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264f3745df3826ad2022-01-04 14:19:09.964root 11241100x80000000000000004279469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0191e25fd516c192022-01-04 14:19:09.964root 11241100x80000000000000004279470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca0cb6a911398d92022-01-04 14:19:09.964root 11241100x80000000000000004279471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7eda02f966d5702022-01-04 14:19:09.964root 11241100x80000000000000004279472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e55f6d00c0be6512022-01-04 14:19:09.964root 11241100x80000000000000004279473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be3d137109f3d2f2022-01-04 14:19:09.964root 11241100x80000000000000004279474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99e3a3e6cf428952022-01-04 14:19:09.964root 11241100x80000000000000004279475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2a262da1aebc122022-01-04 14:19:09.964root 11241100x80000000000000004279476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a111f94b73dce15f2022-01-04 14:19:09.964root 11241100x80000000000000004279477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da2a095627dbbe02022-01-04 14:19:09.964root 11241100x80000000000000004279478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4ad142c90001c32022-01-04 14:19:09.965root 11241100x80000000000000004279479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d566ad4c1ed802022-01-04 14:19:09.965root 11241100x80000000000000004279480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e47cbc6148a147c2022-01-04 14:19:09.965root 11241100x80000000000000004279481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2304fd90f86cc3cf2022-01-04 14:19:09.965root 11241100x80000000000000004279482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7402a6d619ef040a2022-01-04 14:19:09.965root 11241100x80000000000000004279483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe3ead350018b9d2022-01-04 14:19:09.965root 11241100x80000000000000004279484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2e93c579bec3332022-01-04 14:19:09.965root 11241100x80000000000000004279485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:09.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e765210bd3ee08062022-01-04 14:19:09.965root 11241100x80000000000000004279486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937f20e0ed42b63e2022-01-04 14:19:10.459root 11241100x80000000000000004279487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ab9c6cc7944d2e2022-01-04 14:19:10.459root 11241100x80000000000000004279488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7611bc9d0ffa86e22022-01-04 14:19:10.459root 11241100x80000000000000004279489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb68733d0a1d67882022-01-04 14:19:10.459root 11241100x80000000000000004279490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95ef3d02b7fb7a02022-01-04 14:19:10.459root 11241100x80000000000000004279491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b066acfa6806d22022-01-04 14:19:10.459root 11241100x80000000000000004279492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3f29b4e1c535c22022-01-04 14:19:10.459root 11241100x80000000000000004279493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17362a73cbd6655f2022-01-04 14:19:10.459root 11241100x80000000000000004279494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f0b47567d6c3ed2022-01-04 14:19:10.460root 11241100x80000000000000004279495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193ca0bdc56cd2d22022-01-04 14:19:10.460root 11241100x80000000000000004279496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19069dee05fba392022-01-04 14:19:10.460root 11241100x80000000000000004279497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ca16fc68ea72662022-01-04 14:19:10.460root 11241100x80000000000000004279498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31cca79aea9de662022-01-04 14:19:10.460root 11241100x80000000000000004279499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64d7764b88220562022-01-04 14:19:10.460root 11241100x80000000000000004279500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f55d14d70f900c32022-01-04 14:19:10.460root 11241100x80000000000000004279501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211d1cd489322e4d2022-01-04 14:19:10.460root 11241100x80000000000000004279502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87f1d2e519f7732022-01-04 14:19:10.460root 11241100x80000000000000004279503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73718ab7030866972022-01-04 14:19:10.460root 11241100x80000000000000004279504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a796e5a56a00ae2022-01-04 14:19:10.460root 11241100x80000000000000004279505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0108f1ee6d5dd6202022-01-04 14:19:10.460root 11241100x80000000000000004279506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833442609fd0745c2022-01-04 14:19:10.460root 11241100x80000000000000004279507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b3cc9b47a7dffe2022-01-04 14:19:10.460root 11241100x80000000000000004279508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f7ff6f5a2b6c1b2022-01-04 14:19:10.460root 11241100x80000000000000004279509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da76d74769b92502022-01-04 14:19:10.461root 11241100x80000000000000004279510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bd6aac989e150a2022-01-04 14:19:10.461root 11241100x80000000000000004279511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a2a81e9c509fbd2022-01-04 14:19:10.461root 11241100x80000000000000004279512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108546e31e5024682022-01-04 14:19:10.461root 11241100x80000000000000004279513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7810d64994d18c32022-01-04 14:19:10.461root 11241100x80000000000000004279514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75460f9cf2aa784d2022-01-04 14:19:10.461root 11241100x80000000000000004279515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9a7b3175e4ab002022-01-04 14:19:10.461root 11241100x80000000000000004279516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6840716e550f3d512022-01-04 14:19:10.461root 11241100x80000000000000004279517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e250b317ea333cd82022-01-04 14:19:10.461root 11241100x80000000000000004279518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb007174e370796d2022-01-04 14:19:10.461root 11241100x80000000000000004279519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dc30ee72a610f92022-01-04 14:19:10.461root 11241100x80000000000000004279520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4b2dfa1978933d2022-01-04 14:19:10.461root 11241100x80000000000000004279521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb405b3b31ac69d2022-01-04 14:19:10.461root 11241100x80000000000000004279522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b871548ea3394562022-01-04 14:19:10.461root 11241100x80000000000000004279523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a41215d77a368762022-01-04 14:19:10.461root 11241100x80000000000000004279524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecae879dc1f0138a2022-01-04 14:19:10.462root 11241100x80000000000000004279525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b7ff4d37b4c18d2022-01-04 14:19:10.462root 11241100x80000000000000004279526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea38d9a70a10b6512022-01-04 14:19:10.462root 11241100x80000000000000004279527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5356a9e6500a45b82022-01-04 14:19:10.462root 11241100x80000000000000004279528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a078ace4466390622022-01-04 14:19:10.462root 11241100x80000000000000004279529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82220daf8408db212022-01-04 14:19:10.462root 11241100x80000000000000004279530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b48edf7da6cac32022-01-04 14:19:10.462root 11241100x80000000000000004279531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6a3cb7abfa31f92022-01-04 14:19:10.462root 534500x80000000000000004279532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.667{ec2e79f3-af45-61d2-c81a-c448f1550000}14881-sshd 11241100x80000000000000004279533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.669{ec2e79f3-af3e-61d2-5819-ee8c11560000}1/lib/systemd/systemd/run/systemd/transient/session-37.scope2022-01-04 14:19:10.669root 11241100x80000000000000004279534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/sessions/.#37YHYlTd2022-01-04 14:19:10.673root 11241100x80000000000000004279535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/users/.#1000gAtAPd2022-01-04 14:19:10.673root 11241100x80000000000000004279536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/sessions/.#37e4AQLd2022-01-04 14:19:10.673root 11241100x80000000000000004279537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/sessions/.#37EzL7Hd2022-01-04 14:19:10.673root 11241100x80000000000000004279538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.673{ec2e79f3-af4c-61d2-8083-8886b9550000}868/lib/systemd/systemd-logind/run/systemd/users/.#1000SOupEd2022-01-04 14:19:10.673root 154100x80000000000000004279539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.674{ec2e79f3-575e-61d4-6882-e788be550000}14882/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575a-61d4-e017-76fa68550000}14880/usr/sbin/sshd/usr/sbin/sshdroot 11241100x80000000000000004279540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.675{ec2e79f3-575e-61d4-6882-e788be550000}14882/bin/dash/run/motd.dynamic.new2022-01-04 14:19:10.675root 154100x80000000000000004279541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.675{ec2e79f3-575e-61d4-78dc-c53c4a560000}14883/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-6882-e788be550000}14882/bin/dashshroot 154100x80000000000000004279542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.675{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-6882-e788be550000}14882/bin/dashshroot 154100x80000000000000004279543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.677{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 154100x80000000000000004279544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.677{ec2e79f3-575e-61d4-80fe-c568e5550000}14885/bin/uname-----uname -o/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dash/bin/shroot 534500x80000000000000004279545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.678{ec2e79f3-575e-61d4-80fe-c568e5550000}14885/bin/unameroot 154100x80000000000000004279546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.678{ec2e79f3-575e-61d4-807e-8b6248560000}14886/bin/uname-----uname -r/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dash/bin/shroot 534500x80000000000000004279547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.679{ec2e79f3-575e-61d4-807e-8b6248560000}14886/bin/unameroot 154100x80000000000000004279548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.679{ec2e79f3-575e-61d4-80ee-93aa45560000}14887/bin/uname-----uname -m/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dash/bin/shroot 534500x80000000000000004279549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.680{ec2e79f3-575e-61d4-80ee-93aa45560000}14887/bin/unameroot 534500x80000000000000004279550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.681{ec2e79f3-575e-61d4-68f2-888214560000}14884/bin/dashroot 154100x80000000000000004279551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.681{ec2e79f3-575e-61d4-6832-4de4ae550000}14888/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 534500x80000000000000004279552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.682{ec2e79f3-575e-61d4-6832-4de4ae550000}14888/bin/dashroot 154100x80000000000000004279553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.682{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 154100x80000000000000004279554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.683{ec2e79f3-575e-61d4-509c-20d66b550000}14890/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dash/bin/shroot 534500x80000000000000004279555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.685{ec2e79f3-575e-61d4-509c-20d66b550000}14890/bin/greproot 154100x80000000000000004279556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.686{ec2e79f3-575e-61d4-980f-f6a8b5550000}14893/usr/bin/bc-----bc/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14891--- 154100x80000000000000004279557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.686{ec2e79f3-575e-61d4-b870-260dc5550000}14894/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14892--- 534500x80000000000000004279558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.687{ec2e79f3-575e-61d4-b870-260dc5550000}14894/usr/bin/cutroot 534500x80000000000000004279559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.688{00000000-0000-0000-0000-000000000000}14892<unknown process>root 534500x80000000000000004279560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.688{ec2e79f3-575e-61d4-980f-f6a8b5550000}14893/usr/bin/bcroot 534500x80000000000000004279561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.688{ec2e79f3-af45-61d2-c81a-c448f1550000}14891-root 154100x80000000000000004279562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.688{ec2e79f3-575e-61d4-08af-ebd537560000}14895/bin/date-----/bin/date/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dash/bin/shroot 534500x80000000000000004279563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.690{ec2e79f3-575e-61d4-08af-ebd537560000}14895/bin/dateroot 154100x80000000000000004279564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.691{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dash/bin/shroot 154100x80000000000000004279565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.853{ec2e79f3-575e-61d4-6862-cc151b560000}14897/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 154100x80000000000000004279566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.853{ec2e79f3-575e-61d4-b09f-d090f87f0000}14897/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 11241100x80000000000000004279567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.855{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c30133e3d0537e82022-01-04 14:19:10.855root 11241100x80000000000000004279568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.855{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0bfaaa98f42f0b2022-01-04 14:19:10.855root 11241100x80000000000000004279569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.855{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c42ce5ce6c4ce342022-01-04 14:19:10.855root 11241100x80000000000000004279570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f648cad5b92b0ab2022-01-04 14:19:10.856root 11241100x80000000000000004279571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67c891eff5ae0d12022-01-04 14:19:10.856root 11241100x80000000000000004279572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65772346515cfc42022-01-04 14:19:10.856root 11241100x80000000000000004279573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c510f5ea8872232022-01-04 14:19:10.856root 11241100x80000000000000004279574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abab9c508177ea692022-01-04 14:19:10.856root 11241100x80000000000000004279575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb699d42f131445b2022-01-04 14:19:10.856root 11241100x80000000000000004279576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79b93cf65fd1d602022-01-04 14:19:10.856root 11241100x80000000000000004279577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeb9d494b924cfd2022-01-04 14:19:10.856root 11241100x80000000000000004279578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a0cb8c5ed22cec2022-01-04 14:19:10.856root 11241100x80000000000000004279579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4c3f2c6ff3f9262022-01-04 14:19:10.857root 11241100x80000000000000004279580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403177a4dbf26c002022-01-04 14:19:10.857root 11241100x80000000000000004279581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17a790192eaeab72022-01-04 14:19:10.857root 11241100x80000000000000004279582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02313b10e99aeee82022-01-04 14:19:10.857root 11241100x80000000000000004279583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e95e0ddb0a83772022-01-04 14:19:10.857root 11241100x80000000000000004279584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c223fe82c85e5442022-01-04 14:19:10.857root 11241100x80000000000000004279585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b04217e9f479572022-01-04 14:19:10.857root 11241100x80000000000000004279586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c96ccf65fd97302022-01-04 14:19:10.857root 11241100x80000000000000004279587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57288ae91c558f942022-01-04 14:19:10.857root 11241100x80000000000000004279588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.858{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ca9af0c28b3cc32022-01-04 14:19:10.858root 534500x80000000000000004279589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.858{ec2e79f3-575e-61d4-b09f-d090f87f0000}14897/sbin/ldconfig.realroot 11241100x80000000000000004279590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.858{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a367119716075b882022-01-04 14:19:10.858root 11241100x80000000000000004279591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.859{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b387cd35299b8f2022-01-04 14:19:10.859root 11241100x80000000000000004279592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.859{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859bd474ae1d31b92022-01-04 14:19:10.859root 11241100x80000000000000004279593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.860{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059fe73239188d122022-01-04 14:19:10.860root 11241100x80000000000000004279594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.860{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53f93880796c7a22022-01-04 14:19:10.860root 11241100x80000000000000004279595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.860{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d1d38629ff187b2022-01-04 14:19:10.860root 11241100x80000000000000004279596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.860{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c25cded9769da32022-01-04 14:19:10.860root 11241100x80000000000000004279597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.861{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be8f94e041f70132022-01-04 14:19:10.861root 11241100x80000000000000004279598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.861{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1ec9f8332615062022-01-04 14:19:10.861root 11241100x80000000000000004279599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818bbb37d883fb8c2022-01-04 14:19:10.862root 11241100x80000000000000004279600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19224b58484ded542022-01-04 14:19:10.862root 11241100x80000000000000004279601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfd05c9f9e085c22022-01-04 14:19:10.862root 11241100x80000000000000004279602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9385ddc32c7163992022-01-04 14:19:10.862root 11241100x80000000000000004279603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.862{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f00e5a1a2077192022-01-04 14:19:10.862root 11241100x80000000000000004279604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd76e23081a88e232022-01-04 14:19:10.863root 11241100x80000000000000004279605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb6ba964f51e3b12022-01-04 14:19:10.863root 11241100x80000000000000004279606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38f93326c5497e02022-01-04 14:19:10.863root 11241100x80000000000000004279607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd53c3a32cdb8822022-01-04 14:19:10.863root 11241100x80000000000000004279608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.863{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3bec85c61464f22022-01-04 14:19:10.863root 11241100x80000000000000004279609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.864{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed92a784d9f10d3a2022-01-04 14:19:10.864root 11241100x80000000000000004279610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.864{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1435b16e38cbf1ec2022-01-04 14:19:10.864root 11241100x80000000000000004279611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.864{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc4be8a3e342fc22022-01-04 14:19:10.864root 11241100x80000000000000004279612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.865{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418a4bca745c96332022-01-04 14:19:10.865root 11241100x80000000000000004279613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.865{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9044ee2dcb3e9ab02022-01-04 14:19:10.865root 11241100x80000000000000004279614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.865{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122fedb7c9e5ecf62022-01-04 14:19:10.865root 11241100x80000000000000004279615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.865{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda4fb812b11a6812022-01-04 14:19:10.865root 11241100x80000000000000004279616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.866{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6078eff11cade62022-01-04 14:19:10.866root 11241100x80000000000000004279617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.866{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af3b223dd67f5d52022-01-04 14:19:10.866root 11241100x80000000000000004279618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.866{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e0c586b1b67f012022-01-04 14:19:10.866root 11241100x80000000000000004279619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.867{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81446b7620e61ba22022-01-04 14:19:10.867root 11241100x80000000000000004279620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.867{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec9b01dae6c1962022-01-04 14:19:10.867root 11241100x80000000000000004279621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.867{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56981fb6279e9d0c2022-01-04 14:19:10.867root 11241100x80000000000000004279622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21436fe892be5dfb2022-01-04 14:19:10.868root 11241100x80000000000000004279623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d9ae408ae626c32022-01-04 14:19:10.868root 11241100x80000000000000004279624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb41bcbcc79bc202022-01-04 14:19:10.868root 11241100x80000000000000004279625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9321cd535a722472022-01-04 14:19:10.868root 11241100x80000000000000004279626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1333fa4796db6a8a2022-01-04 14:19:10.868root 11241100x80000000000000004279627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ceaa193de6b16a2022-01-04 14:19:10.868root 11241100x80000000000000004279628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09ff27d5715fd6b2022-01-04 14:19:10.868root 11241100x80000000000000004279629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d20b9ee00b0e4d2022-01-04 14:19:10.868root 11241100x80000000000000004279630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.868{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce1572ed7fe5c772022-01-04 14:19:10.868root 11241100x80000000000000004279631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a696fa6881420e2022-01-04 14:19:10.869root 11241100x80000000000000004279632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbf82760c88aa312022-01-04 14:19:10.869root 11241100x80000000000000004279633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1afec3eb27cf3a2022-01-04 14:19:10.869root 11241100x80000000000000004279634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8f4f83bdcb99372022-01-04 14:19:10.869root 11241100x80000000000000004279635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.869{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8caa33faec10222022-01-04 14:19:10.869root 11241100x80000000000000004279636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840bb33cce9ef9f2022-01-04 14:19:10.870root 11241100x80000000000000004279637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf8a602f99522112022-01-04 14:19:10.870root 11241100x80000000000000004279638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c102a8ba36fc6bd12022-01-04 14:19:10.870root 11241100x80000000000000004279639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b1423cdd4d53182022-01-04 14:19:10.870root 11241100x80000000000000004279640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653e8a0185b8182f2022-01-04 14:19:10.870root 11241100x80000000000000004279641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.870{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd486ceaf0882562022-01-04 14:19:10.870root 11241100x80000000000000004279642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8e56ce406184eb2022-01-04 14:19:10.871root 11241100x80000000000000004279643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c4b36a496576cb2022-01-04 14:19:10.871root 11241100x80000000000000004279644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e04318c84d662c2022-01-04 14:19:10.871root 11241100x80000000000000004279645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7225340cc4eae502022-01-04 14:19:10.871root 11241100x80000000000000004279646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce446c590533be812022-01-04 14:19:10.871root 11241100x80000000000000004279647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a171f527116bb02022-01-04 14:19:10.871root 11241100x80000000000000004279648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa17d739c9f411122022-01-04 14:19:10.871root 11241100x80000000000000004279649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626784541a921b7d2022-01-04 14:19:10.871root 11241100x80000000000000004279650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.871{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ced70a87689b7d2022-01-04 14:19:10.871root 11241100x80000000000000004279651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb2fb12f6ad41c02022-01-04 14:19:10.872root 11241100x80000000000000004279652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbdfccc7242edf92022-01-04 14:19:10.872root 11241100x80000000000000004279653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7a0656443cc3312022-01-04 14:19:10.872root 11241100x80000000000000004279654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57316993ffb2ee442022-01-04 14:19:10.872root 11241100x80000000000000004279655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767898ef08dfca302022-01-04 14:19:10.872root 11241100x80000000000000004279656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4830b360bf21812d2022-01-04 14:19:10.872root 11241100x80000000000000004279657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c13247e549503a2022-01-04 14:19:10.872root 11241100x80000000000000004279658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c582000fa3c84c092022-01-04 14:19:10.872root 11241100x80000000000000004279659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4b3824336369912022-01-04 14:19:10.872root 11241100x80000000000000004279660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650d48c3cb1283152022-01-04 14:19:10.872root 11241100x80000000000000004279661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.872{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e057806c732e907f2022-01-04 14:19:10.872root 11241100x80000000000000004279662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9025427022acd2f52022-01-04 14:19:10.873root 11241100x80000000000000004279663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d7d389af9328722022-01-04 14:19:10.873root 11241100x80000000000000004279664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a33b4b5bf5f53922022-01-04 14:19:10.873root 11241100x80000000000000004279665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be55e9a2141eda2b2022-01-04 14:19:10.873root 11241100x80000000000000004279666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d3f2e3d42ac7182022-01-04 14:19:10.873root 11241100x80000000000000004279667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f586dd9bdcc8572022-01-04 14:19:10.873root 11241100x80000000000000004279668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3112374a29501b2022-01-04 14:19:10.873root 11241100x80000000000000004279669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a6bdb7eb6fd7e52022-01-04 14:19:10.873root 11241100x80000000000000004279670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b19c8dc2d7eaa232022-01-04 14:19:10.873root 11241100x80000000000000004279671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1119c67e40d3c212022-01-04 14:19:10.873root 11241100x80000000000000004279672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcef2bca299a43a52022-01-04 14:19:10.873root 11241100x80000000000000004279673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.873{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1825711a2b7505542022-01-04 14:19:10.873root 11241100x80000000000000004279674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.874{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7ef55d5e6a8f02022-01-04 14:19:10.874root 11241100x80000000000000004279675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba1b89273676cd62022-01-04 14:19:10.875root 11241100x80000000000000004279676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e68fa9081cc634b2022-01-04 14:19:10.875root 11241100x80000000000000004279677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096df20994cd04412022-01-04 14:19:10.875root 11241100x80000000000000004279678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e0a3101c037afa2022-01-04 14:19:10.875root 11241100x80000000000000004279679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7d1a86df2119a52022-01-04 14:19:10.875root 11241100x80000000000000004279680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c873cf2571a0512022-01-04 14:19:10.875root 11241100x80000000000000004279681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556c89dffe3defb32022-01-04 14:19:10.875root 11241100x80000000000000004279682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e44d01e99998052022-01-04 14:19:10.875root 11241100x80000000000000004279683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8d7a06ffea36432022-01-04 14:19:10.875root 11241100x80000000000000004279684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433776ca352337ef2022-01-04 14:19:10.875root 11241100x80000000000000004279685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce7913fc9b768972022-01-04 14:19:10.875root 11241100x80000000000000004279686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878d9ce900ebed3a2022-01-04 14:19:10.875root 11241100x80000000000000004279687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.875{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bb1c39f48526cc2022-01-04 14:19:10.875root 11241100x80000000000000004279688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.876{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c495e3ef5ebb74cd2022-01-04 14:19:10.876root 11241100x80000000000000004279689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.876{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3217d20c9e051fd92022-01-04 14:19:10.876root 11241100x80000000000000004279690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.876{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364cb2afd26a42662022-01-04 14:19:10.876root 11241100x80000000000000004279691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.876{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04390210bf52dc5c2022-01-04 14:19:10.876root 11241100x80000000000000004279692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59e804190371faa2022-01-04 14:19:10.878root 11241100x80000000000000004279693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a298cf0a6cdbd4342022-01-04 14:19:10.878root 11241100x80000000000000004279694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18633190fe344db2022-01-04 14:19:10.878root 11241100x80000000000000004279695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca56dae2ebc0129b2022-01-04 14:19:10.879root 11241100x80000000000000004279696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf943d5af70edd62022-01-04 14:19:10.879root 11241100x80000000000000004279697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425fe847494896cc2022-01-04 14:19:10.879root 11241100x80000000000000004279698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7d8c94f3add4da2022-01-04 14:19:10.879root 11241100x80000000000000004279699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdb7b47a1141ac02022-01-04 14:19:10.879root 11241100x80000000000000004279700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1b95603355a06b2022-01-04 14:19:10.879root 11241100x80000000000000004279701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.879{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca713ef21e64eff32022-01-04 14:19:10.879root 11241100x80000000000000004279702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e6bb5af94f71712022-01-04 14:19:10.880root 11241100x80000000000000004279703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b36fe7ee3c6f7ba2022-01-04 14:19:10.880root 11241100x80000000000000004279704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3dbe12b754a4c92022-01-04 14:19:10.880root 11241100x80000000000000004279705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5f882f8a239e542022-01-04 14:19:10.880root 11241100x80000000000000004279706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f1509077cb7c962022-01-04 14:19:10.880root 11241100x80000000000000004279707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180258763c3512de2022-01-04 14:19:10.880root 11241100x80000000000000004279708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.880{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6c999b4b9920b42022-01-04 14:19:10.880root 11241100x80000000000000004279709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e62480f2c9b37cc2022-01-04 14:19:10.881root 11241100x80000000000000004279710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de2508346555f932022-01-04 14:19:10.881root 11241100x80000000000000004279711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee6a3e63a03efe12022-01-04 14:19:10.881root 11241100x80000000000000004279712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e253785b1af8f12022-01-04 14:19:10.881root 11241100x80000000000000004279713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55058d3d70cf2f482022-01-04 14:19:10.881root 11241100x80000000000000004279714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.881{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3770f7a7a90d41952022-01-04 14:19:10.881root 11241100x80000000000000004279715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1479f912581e3c792022-01-04 14:19:10.882root 11241100x80000000000000004279716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca086dbe1c21636e2022-01-04 14:19:10.882root 11241100x80000000000000004279717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86cc99efb2395302022-01-04 14:19:10.882root 11241100x80000000000000004279718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351ec5b183bb955c2022-01-04 14:19:10.882root 11241100x80000000000000004279719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207955ce77b432b42022-01-04 14:19:10.882root 11241100x80000000000000004279720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4a548fa262a2832022-01-04 14:19:10.882root 11241100x80000000000000004279721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.882{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8590e84a629dce5d2022-01-04 14:19:10.882root 11241100x80000000000000004279722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94f6f5b54d5ec2c2022-01-04 14:19:10.883root 11241100x80000000000000004279723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ef3938405bf0162022-01-04 14:19:10.883root 11241100x80000000000000004279724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4328d51fe45b172022-01-04 14:19:10.883root 11241100x80000000000000004279725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48265b9facff529b2022-01-04 14:19:10.883root 11241100x80000000000000004279726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b623175bdfd5def02022-01-04 14:19:10.883root 11241100x80000000000000004279727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.883{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6902d8198e3296c2022-01-04 14:19:10.883root 11241100x80000000000000004279728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ffd26fc81df3412022-01-04 14:19:10.884root 11241100x80000000000000004279729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0352bc473987676a2022-01-04 14:19:10.884root 11241100x80000000000000004279730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6042b0e4955021002022-01-04 14:19:10.884root 11241100x80000000000000004279731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d442aa20efba68702022-01-04 14:19:10.884root 11241100x80000000000000004279732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ac74cfa4c38c92022-01-04 14:19:10.884root 11241100x80000000000000004279733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77907ef30c35387f2022-01-04 14:19:10.884root 11241100x80000000000000004279734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.884{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a32ca6c5c36eb2022-01-04 14:19:10.884root 11241100x80000000000000004279735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd33dc63eb8c92812022-01-04 14:19:10.885root 11241100x80000000000000004279736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c21f44eed46f1ec2022-01-04 14:19:10.885root 11241100x80000000000000004279737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319438490091973f2022-01-04 14:19:10.885root 11241100x80000000000000004279738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e730378f66718262022-01-04 14:19:10.885root 11241100x80000000000000004279739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b685c58b092607a42022-01-04 14:19:10.885root 11241100x80000000000000004279740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98369bb7f23eff752022-01-04 14:19:10.885root 11241100x80000000000000004279741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.885{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8fcd88150b98452022-01-04 14:19:10.885root 11241100x80000000000000004279742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa1df62efa792672022-01-04 14:19:10.886root 11241100x80000000000000004279743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1e5dd572ce280a2022-01-04 14:19:10.886root 11241100x80000000000000004279744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c307fd40d3149b82022-01-04 14:19:10.886root 11241100x80000000000000004279745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab05b3efc7143092022-01-04 14:19:10.886root 11241100x80000000000000004279746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d27fe03159ba742022-01-04 14:19:10.886root 11241100x80000000000000004279747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bed1c448aac2972022-01-04 14:19:10.886root 11241100x80000000000000004279748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0cb2507226a94d2022-01-04 14:19:10.886root 11241100x80000000000000004279749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0fe7d8603634812022-01-04 14:19:10.886root 11241100x80000000000000004279750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ae7418c8fc1c832022-01-04 14:19:10.886root 11241100x80000000000000004279751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff0e473fba199952022-01-04 14:19:10.886root 11241100x80000000000000004279752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401b9c34738f3f5f2022-01-04 14:19:10.886root 11241100x80000000000000004279753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b5949ac80b00832022-01-04 14:19:10.886root 11241100x80000000000000004279754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.886{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac6773c1283e0d52022-01-04 14:19:10.886root 11241100x80000000000000004279755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363ca008efbc42822022-01-04 14:19:10.887root 11241100x80000000000000004279756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e055b034d2a51e42022-01-04 14:19:10.887root 11241100x80000000000000004279757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bde7a9af793f032022-01-04 14:19:10.887root 11241100x80000000000000004279758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d09bad8b0478fb92022-01-04 14:19:10.887root 11241100x80000000000000004279759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bd9e7c35b354bd2022-01-04 14:19:10.887root 11241100x80000000000000004279760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ab437c52c155f22022-01-04 14:19:10.887root 11241100x80000000000000004279761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e56ebab61dd80892022-01-04 14:19:10.887root 11241100x80000000000000004279762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c04d89f2b4f9e52022-01-04 14:19:10.887root 11241100x80000000000000004279763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e1dc6d985401352022-01-04 14:19:10.887root 11241100x80000000000000004279764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36566dad70685242022-01-04 14:19:10.887root 11241100x80000000000000004279765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a869d85a0696a52022-01-04 14:19:10.887root 11241100x80000000000000004279766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b04ee611de4252022-01-04 14:19:10.887root 11241100x80000000000000004279767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baef934390b90162022-01-04 14:19:10.887root 11241100x80000000000000004279768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.887{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6392c580378c3e752022-01-04 14:19:10.887root 11241100x80000000000000004279769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f278975a7517e2022-01-04 14:19:10.888root 11241100x80000000000000004279770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee92cb8dd31b01142022-01-04 14:19:10.888root 11241100x80000000000000004279771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e304d7adef7b67a52022-01-04 14:19:10.888root 11241100x80000000000000004279772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce981b00b4e972b02022-01-04 14:19:10.888root 11241100x80000000000000004279773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc82821f6442d602022-01-04 14:19:10.888root 11241100x80000000000000004279774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9442112180c969012022-01-04 14:19:10.888root 11241100x80000000000000004279775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4793d3aeb76f25ba2022-01-04 14:19:10.888root 11241100x80000000000000004279776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfe1d902c87c3da2022-01-04 14:19:10.888root 11241100x80000000000000004279777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cefb163f5787cf42022-01-04 14:19:10.888root 11241100x80000000000000004279778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1a8bcee23416262022-01-04 14:19:10.888root 11241100x80000000000000004279779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4101915c805b22dd2022-01-04 14:19:10.888root 11241100x80000000000000004279780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6dee11907026ae82022-01-04 14:19:10.888root 11241100x80000000000000004279781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73999f60c65ca7f92022-01-04 14:19:10.888root 11241100x80000000000000004279782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.888{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24884f42b7b4bf412022-01-04 14:19:10.888root 11241100x80000000000000004279783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30566f19aec1ce512022-01-04 14:19:10.889root 11241100x80000000000000004279784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f54f9e843402932022-01-04 14:19:10.889root 11241100x80000000000000004279785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81ff477faa3732f2022-01-04 14:19:10.889root 11241100x80000000000000004279786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12ba5c3be78bcbe2022-01-04 14:19:10.889root 11241100x80000000000000004279787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38f8133d8bc20332022-01-04 14:19:10.889root 11241100x80000000000000004279788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa2324d581cca632022-01-04 14:19:10.889root 11241100x80000000000000004279789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b991fc0e89b88d2022-01-04 14:19:10.889root 11241100x80000000000000004279790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7667efc7faee4712022-01-04 14:19:10.889root 11241100x80000000000000004279791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee02f7d87bb34032022-01-04 14:19:10.889root 11241100x80000000000000004279792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527ca390c24087072022-01-04 14:19:10.889root 11241100x80000000000000004279793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7d26bd0a9ae69b2022-01-04 14:19:10.889root 11241100x80000000000000004279794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.889{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a26787d385ffa62022-01-04 14:19:10.889root 11241100x80000000000000004279795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b235272e204f566e2022-01-04 14:19:10.890root 11241100x80000000000000004279796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eccfdbd261a2b62022-01-04 14:19:10.890root 11241100x80000000000000004279797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e20927ab8020172022-01-04 14:19:10.890root 11241100x80000000000000004279798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af0830b21ab60322022-01-04 14:19:10.890root 11241100x80000000000000004279799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd36c3687745ff72022-01-04 14:19:10.890root 11241100x80000000000000004279800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134da833ed058b6d2022-01-04 14:19:10.890root 11241100x80000000000000004279801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ee850c9002c71f2022-01-04 14:19:10.890root 11241100x80000000000000004279802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8bc5fd2ea59ec52022-01-04 14:19:10.890root 11241100x80000000000000004279803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e56b593095216d02022-01-04 14:19:10.890root 11241100x80000000000000004279804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.890{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aa6f7ed054dcc82022-01-04 14:19:10.890root 11241100x80000000000000004279805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a713b3984fae582022-01-04 14:19:10.891root 11241100x80000000000000004279806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f143a4a364cb3e92022-01-04 14:19:10.891root 11241100x80000000000000004279807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a14594e404d5de2022-01-04 14:19:10.891root 11241100x80000000000000004279808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683efbc405ec03fc2022-01-04 14:19:10.891root 11241100x80000000000000004279809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeb009b747291ee2022-01-04 14:19:10.891root 11241100x80000000000000004279810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c818b22f6b5ade9a2022-01-04 14:19:10.891root 11241100x80000000000000004279811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d7c2efde0591942022-01-04 14:19:10.891root 11241100x80000000000000004279812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3217aab69175e4a02022-01-04 14:19:10.891root 11241100x80000000000000004279813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.891{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a2501c6ed1d3d42022-01-04 14:19:10.891root 11241100x80000000000000004279814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8973192d0e4e197b2022-01-04 14:19:10.892root 11241100x80000000000000004279815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97f5b2e98e2c39c2022-01-04 14:19:10.892root 11241100x80000000000000004279816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f7f4f4ed5ca41f2022-01-04 14:19:10.892root 11241100x80000000000000004279817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d901364e22d87522022-01-04 14:19:10.892root 11241100x80000000000000004279818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f285b7dc4a5e512022-01-04 14:19:10.892root 11241100x80000000000000004279819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa467a75bd8349e2022-01-04 14:19:10.892root 11241100x80000000000000004279820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd764d0b906e14082022-01-04 14:19:10.892root 11241100x80000000000000004279821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f31190a6449dea2022-01-04 14:19:10.892root 11241100x80000000000000004279822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440dd5cc05321ec92022-01-04 14:19:10.892root 11241100x80000000000000004279823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862534653f7e36fa2022-01-04 14:19:10.892root 11241100x80000000000000004279824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c1a187912ba242022-01-04 14:19:10.892root 11241100x80000000000000004279825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739a000ece69c1082022-01-04 14:19:10.892root 11241100x80000000000000004279826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62781915ca13536b2022-01-04 14:19:10.892root 11241100x80000000000000004279827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.892{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a71c33d4eb95772022-01-04 14:19:10.892root 11241100x80000000000000004279828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6749729893ce822022-01-04 14:19:10.893root 11241100x80000000000000004279829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2953e2d6f896012022-01-04 14:19:10.893root 11241100x80000000000000004279830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07670baadb1b31f62022-01-04 14:19:10.893root 11241100x80000000000000004279831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239affa519f4c3e62022-01-04 14:19:10.893root 11241100x80000000000000004279832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f41569d6098ac1a2022-01-04 14:19:10.893root 11241100x80000000000000004279833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee872c9e3aa9d5e2022-01-04 14:19:10.893root 11241100x80000000000000004279834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921bdb67eae895702022-01-04 14:19:10.893root 11241100x80000000000000004279835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8707bbf8b88c392022-01-04 14:19:10.893root 11241100x80000000000000004279836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e071f7e03ea7d92022-01-04 14:19:10.893root 11241100x80000000000000004279837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0576f3b3f129fa2022-01-04 14:19:10.893root 11241100x80000000000000004279838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1a07a26ec4a1522022-01-04 14:19:10.893root 11241100x80000000000000004279839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.893{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6e539be0ec03992022-01-04 14:19:10.893root 11241100x80000000000000004279840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a129d4390c8fb92022-01-04 14:19:10.894root 11241100x80000000000000004279841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b02ea0e7e92a2f2022-01-04 14:19:10.894root 11241100x80000000000000004279842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beacc08380b7c7852022-01-04 14:19:10.894root 11241100x80000000000000004279843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be15c21f841037d2022-01-04 14:19:10.894root 11241100x80000000000000004279844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6259f071cea88582022-01-04 14:19:10.894root 11241100x80000000000000004279845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdef4ca54127ed82022-01-04 14:19:10.894root 11241100x80000000000000004279846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fa8f18d2334ad72022-01-04 14:19:10.894root 11241100x80000000000000004279847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c50aefa1481f64c2022-01-04 14:19:10.894root 11241100x80000000000000004279848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b92677f08742fb2022-01-04 14:19:10.894root 11241100x80000000000000004279849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35f7e3a6dfb38f32022-01-04 14:19:10.894root 11241100x80000000000000004279850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d22d4ca140d20ce2022-01-04 14:19:10.894root 11241100x80000000000000004279851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.894{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d111717245185c12022-01-04 14:19:10.894root 11241100x80000000000000004279852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.895{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e98b1aeae687962022-01-04 14:19:10.895root 11241100x80000000000000004279853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.895{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525e9104063f8f52022-01-04 14:19:10.895root 11241100x80000000000000004279854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e13f379c9a102dc2022-01-04 14:19:10.896root 11241100x80000000000000004279855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86da26438ea5fc52022-01-04 14:19:10.896root 11241100x80000000000000004279856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc070bf34034e6a92022-01-04 14:19:10.896root 11241100x80000000000000004279857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9901a522e3a7aaef2022-01-04 14:19:10.896root 11241100x80000000000000004279858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a477c87972672e2022-01-04 14:19:10.896root 11241100x80000000000000004279859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e466a3bebbf563af2022-01-04 14:19:10.896root 11241100x80000000000000004279860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.896{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99661b08865ff0e72022-01-04 14:19:10.896root 154100x80000000000000004279861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.906{ec2e79f3-575e-61d4-6832-9f4489550000}14898/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 154100x80000000000000004279862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.906{ec2e79f3-575e-61d4-b05f-31b1f47f0000}14898/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000004279863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:10.908{ec2e79f3-575e-61d4-b05f-31b1f47f0000}14898/sbin/ldconfig.realroot 534500x80000000000000004279864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.048{00000000-0000-0000-0000-000000000000}14899<unknown process>root 154100x80000000000000004279865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.093{ec2e79f3-575f-61d4-f083-9994c0550000}14900/usr/bin/who-----who -q/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000004279866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.096{ec2e79f3-575f-61d4-f083-9994c0550000}14900/usr/bin/whoroot 534500x80000000000000004279867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.170{ec2e79f3-575e-61d4-a036-7b0000000000}14896/usr/bin/python3.6root 534500x80000000000000004279868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.171{ec2e79f3-575e-61d4-68c2-d73929560000}14889/bin/dashroot 154100x80000000000000004279869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.171{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.171{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c52ce08216282192022-01-04 14:19:11.171root 11241100x80000000000000004279871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.171{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d5bffa519811ab2022-01-04 14:19:11.171root 154100x80000000000000004279872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-d0e9-14a414560000}14902/bin/cat-----cat /var/cache/motd-news/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash/bin/shroot 154100x80000000000000004279873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-7832-470703560000}14903/usr/bin/head-----head -n 10/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash/bin/shroot 154100x80000000000000004279874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-e045-410a25560000}14904/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash/bin/shroot 534500x80000000000000004279875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-d0e9-14a414560000}14902/bin/catroot 11241100x80000000000000004279876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebaa26377c1c7d52022-01-04 14:19:11.172root 154100x80000000000000004279877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-b880-e80095550000}14905/usr/bin/cut-----cut -c -80/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dash/bin/shroot 11241100x80000000000000004279878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4411499c8ab378052022-01-04 14:19:11.172root 11241100x80000000000000004279879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779e33e308291d162022-01-04 14:19:11.173root 11241100x80000000000000004279880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b838090a212b6ca2022-01-04 14:19:11.173root 11241100x80000000000000004279881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b6287784bc43de2022-01-04 14:19:11.173root 534500x80000000000000004279882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.172{ec2e79f3-575f-61d4-7832-470703560000}14903/usr/bin/headroot 534500x80000000000000004279883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-575f-61d4-e045-410a25560000}14904/usr/bin/trroot 11241100x80000000000000004279884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49385656fca514fc2022-01-04 14:19:11.173root 11241100x80000000000000004279885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3a69d18ef3050b2022-01-04 14:19:11.173root 534500x80000000000000004279886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-575f-61d4-b880-e80095550000}14905/usr/bin/cutroot 534500x80000000000000004279887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-575f-61d4-6822-11db68550000}14901/bin/dashroot 11241100x80000000000000004279888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf307bbe2e236d52022-01-04 14:19:11.174root 11241100x80000000000000004279889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c0b5048c3029682022-01-04 14:19:11.174root 11241100x80000000000000004279890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0d5d5bfcffa4892022-01-04 14:19:11.174root 11241100x80000000000000004279891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cba31e3320f7f952022-01-04 14:19:11.174root 154100x80000000000000004279892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.173{ec2e79f3-575f-61d4-68e2-7808e4550000}14906/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99f929fce7f6fe92022-01-04 14:19:11.174root 11241100x80000000000000004279894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcee880716c336362022-01-04 14:19:11.174root 11241100x80000000000000004279895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ac442bf335bcc92022-01-04 14:19:11.174root 534500x80000000000000004279896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.174{ec2e79f3-575f-61d4-68e2-7808e4550000}14906/bin/dashroot 11241100x80000000000000004279897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.175{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530ca3ad95fd65f82022-01-04 14:19:11.175root 154100x80000000000000004279898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.175{ec2e79f3-575f-61d4-68b2-a20f7d550000}14907/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.175{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee537d42f0a683d42022-01-04 14:19:11.175root 11241100x80000000000000004279900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.175{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeb345dd5a966152022-01-04 14:19:11.175root 11241100x80000000000000004279901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.176{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d359032372acbc72022-01-04 14:19:11.176root 11241100x80000000000000004279902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.176{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401489535aba231a2022-01-04 14:19:11.176root 154100x80000000000000004279903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.176{ec2e79f3-575f-61d4-d0b9-348f6d550000}14908/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575f-61d4-68b2-a20f7d550000}14907/bin/dash/bin/shroot 11241100x80000000000000004279904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.176{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830ac077491767ae2022-01-04 14:19:11.176root 534500x80000000000000004279905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.177{ec2e79f3-575f-61d4-d0b9-348f6d550000}14908/bin/catroot 534500x80000000000000004279906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.177{ec2e79f3-575f-61d4-68b2-a20f7d550000}14907/bin/dashroot 11241100x80000000000000004279907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.177{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce701b2416a982212022-01-04 14:19:11.177root 154100x80000000000000004279908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.177{ec2e79f3-575f-61d4-68b2-89a4f6550000}14909/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1dd006f38d228b2022-01-04 14:19:11.178root 534500x80000000000000004279910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.178{ec2e79f3-575f-61d4-68b2-89a4f6550000}14909/bin/dashroot 154100x80000000000000004279911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.178{ec2e79f3-575f-61d4-6802-1f007b550000}14910/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{ec2e79f3-575e-61d4-38ca-cc625b550000}14883/bin/run-partsrun-partsroot 11241100x80000000000000004279912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.178{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b898d6d3bc07727c2022-01-04 14:19:11.178root 11241100x80000000000000004279913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.179{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4559cdc65dcc2fca2022-01-04 14:19:11.179root 11241100x80000000000000004279914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.179{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72ff294eae7af0f2022-01-04 14:19:11.179root 154100x80000000000000004279915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.179{ec2e79f3-575f-61d4-a036-7b0000000000}14912/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14911--- 154100x80000000000000004279916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.179{ec2e79f3-575f-61d4-b8b0-19b65a550000}14913/usr/bin/cut-----cut -d -f4/root{ec2e79f3-0000-0000-0000-000000000000}037no level-{00000000-0000-0000-0000-000000000000}14911--- 11241100x80000000000000004279917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c542c060946e14f2022-01-04 14:19:11.180root 11241100x80000000000000004279918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f724431ac03ee82022-01-04 14:19:11.180root 11241100x80000000000000004279919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.180{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a60f3a7ff432e32022-01-04 14:19:11.180root 11241100x80000000000000004279920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.181{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fea7ac09fa56dd2022-01-04 14:19:11.181root 11241100x80000000000000004279921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.181{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65813daac6c3fe702022-01-04 14:19:11.181root 11241100x80000000000000004279922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.181{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dac360475707642022-01-04 14:19:11.181root 11241100x80000000000000004279923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d39c095a04d06102022-01-04 14:19:11.183root 11241100x80000000000000004279924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139feaae50d003762022-01-04 14:19:11.183root 11241100x80000000000000004279925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4531b3003db1a5992022-01-04 14:19:11.183root 11241100x80000000000000004279926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.183{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c1740ff1440f722022-01-04 14:19:11.183root 11241100x80000000000000004279927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.184{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f7d92935b4975e2022-01-04 14:19:11.184root 11241100x80000000000000004279928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.184{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef996d2849d485232022-01-04 14:19:11.184root 11241100x80000000000000004279929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.184{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2b2c66690b23172022-01-04 14:19:11.184root 11241100x80000000000000004279930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.185{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3bc73bd2544bea2022-01-04 14:19:11.185root 11241100x80000000000000004279931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.185{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc42241b143a4282022-01-04 14:19:11.185root 11241100x80000000000000004279932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed9655300d1067a2022-01-04 14:19:11.186root 11241100x80000000000000004279933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.186{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3902f333936069a42022-01-04 14:19:11.186root 11241100x80000000000000004279934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3ed6785ea244022022-01-04 14:19:11.187root 11241100x80000000000000004279935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d2d1dc665b612d2022-01-04 14:19:11.187root 11241100x80000000000000004279936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d84f1750f43fc62022-01-04 14:19:11.187root 11241100x80000000000000004279937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.187{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff43e871988f6d582022-01-04 14:19:11.187root 11241100x80000000000000004279938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8b5eedf0ae46012022-01-04 14:19:11.188root 11241100x80000000000000004279939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80b1ba018d38b12022-01-04 14:19:11.188root 11241100x80000000000000004279940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdd2a51815bf1222022-01-04 14:19:11.188root 11241100x80000000000000004279941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fc589e117505432022-01-04 14:19:11.188root 11241100x80000000000000004279942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.188{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd1672261476f1c2022-01-04 14:19:11.188root 11241100x80000000000000004279943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e46d3c89f6e0de72022-01-04 14:19:11.189root 11241100x80000000000000004279944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc158e0e077a081c2022-01-04 14:19:11.189root 11241100x80000000000000004279945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4910a43a64a257702022-01-04 14:19:11.189root 11241100x80000000000000004279946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926c95f94c0d48a92022-01-04 14:19:11.189root 11241100x80000000000000004279947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.189{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf94a6682aa35f2022-01-04 14:19:11.189root 11241100x80000000000000004279948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.190{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12542044d2b6e32b2022-01-04 14:19:11.190root 11241100x80000000000000004279949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.190{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ea066d5856eeb2022-01-04 14:19:11.190root 11241100x80000000000000004279950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.190{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e0a9e88d354afa2022-01-04 14:19:11.190root 11241100x80000000000000004279951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7176ab356422ba2022-01-04 14:19:11.191root 11241100x80000000000000004279952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ef2b99b68448c42022-01-04 14:19:11.191root 11241100x80000000000000004279953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:11.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ac094996eba3a62022-01-04 14:19:11.191root 354300x80000000000000004280286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:26.127{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41526-false10.0.1.12-8000- 11241100x80000000000000004280287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efc30ffac36d9062022-01-04 14:19:26.459root 11241100x80000000000000004280288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66db88c7deb19242022-01-04 14:19:26.959root 354300x80000000000000004280289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.135{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42008-false10.0.1.12-8089- 11241100x80000000000000004280290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7547dc37e4deca2022-01-04 14:19:27.459root 11241100x80000000000000004280291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c471ddd8ed62f4ae2022-01-04 14:19:27.459root 11241100x80000000000000004280292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed032c32169b8012022-01-04 14:19:27.959root 11241100x80000000000000004280293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f73f1dd4b38c0ad2022-01-04 14:19:27.959root 11241100x80000000000000004280294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1bdc7c12b2c1f62022-01-04 14:19:28.459root 11241100x80000000000000004280295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1b4f0c56074a092022-01-04 14:19:28.459root 11241100x80000000000000004280296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ced9f4720f6a98b2022-01-04 14:19:28.959root 11241100x80000000000000004280297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36a4cf3fdf8e50f2022-01-04 14:19:28.959root 11241100x80000000000000004280298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4b12d2183648ad2022-01-04 14:19:29.459root 11241100x80000000000000004280299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:29.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87e42dd12be434b2022-01-04 14:19:29.459root 11241100x80000000000000004280300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108cbd11b81888e12022-01-04 14:19:29.959root 11241100x80000000000000004280301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:29.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c082561e2eb6a682022-01-04 14:19:29.959root 11241100x80000000000000004280302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db32a78211ade682022-01-04 14:19:30.459root 11241100x80000000000000004280303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:30.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c216613b7a85aa02022-01-04 14:19:30.459root 11241100x80000000000000004280304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3220cb0111f48872022-01-04 14:19:30.959root 11241100x80000000000000004280305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:30.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3b791371c56dc02022-01-04 14:19:30.959root 354300x80000000000000004280306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.151{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41530-false10.0.1.12-8000- 11241100x80000000000000004280307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:19:31.221root 11241100x80000000000000004280308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc1f101a4a745c22022-01-04 14:19:31.222root 11241100x80000000000000004280309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf2eb48de1037f62022-01-04 14:19:31.222root 11241100x80000000000000004280310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74cf57c51b2a97a2022-01-04 14:19:31.222root 11241100x80000000000000004280311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eb3382991a02202022-01-04 14:19:31.222root 11241100x80000000000000004280312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3868da4eb8c4895a2022-01-04 14:19:31.709root 11241100x80000000000000004280313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3700e3280fd5edc32022-01-04 14:19:31.709root 11241100x80000000000000004280314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2135a6b247b462092022-01-04 14:19:31.709root 11241100x80000000000000004280315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f962f8e117ef9e2022-01-04 14:19:31.710root 11241100x80000000000000004280316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef53dd5b85883062022-01-04 14:19:32.209root 11241100x80000000000000004280317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdbc31a045b062a2022-01-04 14:19:32.209root 11241100x80000000000000004280318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f851efcedcbbf0442022-01-04 14:19:32.209root 11241100x80000000000000004280319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3e8e19aa32b6102022-01-04 14:19:32.209root 11241100x80000000000000004280320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a4fac8416971c82022-01-04 14:19:32.710root 11241100x80000000000000004280321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e80ebf3879108a2022-01-04 14:19:32.710root 11241100x80000000000000004280322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4ad75a1f2911ae2022-01-04 14:19:32.710root 11241100x80000000000000004280323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bee1225c366c502022-01-04 14:19:32.710root 11241100x80000000000000004280324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202d9752f9ddb4632022-01-04 14:19:33.209root 11241100x80000000000000004280325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bbe03a21b666ab2022-01-04 14:19:33.209root 11241100x80000000000000004280326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc33626dc18d8f42022-01-04 14:19:33.209root 11241100x80000000000000004280327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e3010da2234c772022-01-04 14:19:33.209root 11241100x80000000000000004280328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc465acbabf2a5f52022-01-04 14:19:33.709root 11241100x80000000000000004280329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b60e808dfc03a192022-01-04 14:19:33.709root 11241100x80000000000000004280330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d5cd0b4208a2062022-01-04 14:19:33.709root 11241100x80000000000000004280331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a29213554c942e2022-01-04 14:19:33.709root 23542300x80000000000000004280332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.066{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004280333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbf35e11c391ddf2022-01-04 14:19:34.067root 11241100x80000000000000004280334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8f1c3b135c97172022-01-04 14:19:34.067root 11241100x80000000000000004280335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46eba575b8685e82022-01-04 14:19:34.067root 11241100x80000000000000004280336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d981eb8f11f7663b2022-01-04 14:19:34.067root 11241100x80000000000000004280337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e668fe258f8e1dbe2022-01-04 14:19:34.461root 11241100x80000000000000004280338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780e5fc2234ad5b42022-01-04 14:19:34.461root 11241100x80000000000000004280339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308a480a06a495bc2022-01-04 14:19:34.461root 11241100x80000000000000004280340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d1c5549c50e9032022-01-04 14:19:34.461root 11241100x80000000000000004280341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fcb7140d5f80e02022-01-04 14:19:34.461root 11241100x80000000000000004280342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f773fef08e039db02022-01-04 14:19:34.959root 11241100x80000000000000004280343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51ca6587ebd65722022-01-04 14:19:34.959root 11241100x80000000000000004280344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca268341bd8f6542022-01-04 14:19:34.959root 11241100x80000000000000004280345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f532452e12c822e2022-01-04 14:19:34.959root 11241100x80000000000000004280346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:34.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cbab714d100b852022-01-04 14:19:34.959root 11241100x80000000000000004280347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46406b73a1ec97e2022-01-04 14:19:35.459root 11241100x80000000000000004280348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6874f5c131cac52022-01-04 14:19:35.459root 11241100x80000000000000004280349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5880d434992dd372022-01-04 14:19:35.459root 11241100x80000000000000004280350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120af6b8ec555ebf2022-01-04 14:19:35.459root 11241100x80000000000000004280351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a1323f4fd8670e2022-01-04 14:19:35.459root 11241100x80000000000000004280352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c215178b9d7bab32022-01-04 14:19:35.959root 11241100x80000000000000004280353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9bd3cce621d4f02022-01-04 14:19:35.959root 11241100x80000000000000004280354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46a647a0f9e65f82022-01-04 14:19:35.959root 11241100x80000000000000004280355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6c05d54f0ec40f2022-01-04 14:19:35.959root 11241100x80000000000000004280356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facea5d2ad188fa82022-01-04 14:19:35.959root 11241100x80000000000000004280357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631616fef846fba52022-01-04 14:19:36.459root 11241100x80000000000000004280358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c574f337af53b1f2022-01-04 14:19:36.459root 11241100x80000000000000004280359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f7aaf4a76de3742022-01-04 14:19:36.459root 11241100x80000000000000004280360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf443f8a544cb6c2022-01-04 14:19:36.459root 11241100x80000000000000004280361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e5f8ba262452f92022-01-04 14:19:36.459root 11241100x80000000000000004280362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7b9ef8dbb906582022-01-04 14:19:36.959root 11241100x80000000000000004280363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39c61557485b8fc2022-01-04 14:19:36.959root 11241100x80000000000000004280364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6b7e3bac316eae2022-01-04 14:19:36.959root 11241100x80000000000000004280365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f85ab1b3dc98b22022-01-04 14:19:36.959root 11241100x80000000000000004280366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0d27b6a2d2bf002022-01-04 14:19:36.959root 354300x80000000000000004280367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.124{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41532-false10.0.1.12-8000- 11241100x80000000000000004280368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3d3920b84c8ca32022-01-04 14:19:37.459root 11241100x80000000000000004280369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc19736ad6cd7b62022-01-04 14:19:37.459root 11241100x80000000000000004280370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0134136abc936db32022-01-04 14:19:37.459root 11241100x80000000000000004280371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73c7d9427ff7eb22022-01-04 14:19:37.459root 11241100x80000000000000004280372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4326fb8812e4112022-01-04 14:19:37.459root 11241100x80000000000000004280373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc7d600f67e42512022-01-04 14:19:37.459root 11241100x80000000000000004280374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b196d0433e1faf52022-01-04 14:19:37.959root 11241100x80000000000000004280375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40480359be5813572022-01-04 14:19:37.959root 11241100x80000000000000004280376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f6320fc39775812022-01-04 14:19:37.959root 11241100x80000000000000004280377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa412a53db46e4932022-01-04 14:19:37.959root 11241100x80000000000000004280378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85de7382741011252022-01-04 14:19:37.959root 11241100x80000000000000004280379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97929fe6344b79932022-01-04 14:19:37.959root 11241100x80000000000000004280380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33108e3dae2b3de42022-01-04 14:19:38.459root 11241100x80000000000000004280381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff8f46619deee3f2022-01-04 14:19:38.459root 11241100x80000000000000004280382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a9a133c423dec02022-01-04 14:19:38.459root 11241100x80000000000000004280383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a4aef451cf08382022-01-04 14:19:38.459root 11241100x80000000000000004280384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5fe643b00c30c32022-01-04 14:19:38.459root 11241100x80000000000000004280385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0854bded431a2c62022-01-04 14:19:38.460root 11241100x80000000000000004280386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff327be45daa0d32022-01-04 14:19:38.959root 11241100x80000000000000004280387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2942e9e3e9ef302022-01-04 14:19:38.959root 11241100x80000000000000004280388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c5b06d85849f2d2022-01-04 14:19:38.959root 11241100x80000000000000004280389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b6bc9a938cd2002022-01-04 14:19:38.959root 11241100x80000000000000004280390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf46ddbba5321fd2022-01-04 14:19:38.959root 11241100x80000000000000004280391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e3ccbe5570578e2022-01-04 14:19:38.959root 11241100x80000000000000004280392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b1d01d4b67f40e2022-01-04 14:19:39.459root 11241100x80000000000000004280393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415c3d5a4d0daf312022-01-04 14:19:39.459root 11241100x80000000000000004280394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c22b8f726a5d1692022-01-04 14:19:39.459root 11241100x80000000000000004280395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d31751b1de43d32022-01-04 14:19:39.459root 11241100x80000000000000004280396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8219db90ab280c932022-01-04 14:19:39.459root 11241100x80000000000000004280397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b7decb89cdf6162022-01-04 14:19:39.459root 11241100x80000000000000004280398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d292a4824081fb682022-01-04 14:19:39.959root 11241100x80000000000000004280399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9d19a107164d232022-01-04 14:19:39.959root 11241100x80000000000000004280400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d61711ea0200b62022-01-04 14:19:39.959root 11241100x80000000000000004280401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4971b6e67adf38c52022-01-04 14:19:39.959root 11241100x80000000000000004280402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f850b1cc727b43152022-01-04 14:19:39.959root 11241100x80000000000000004280403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6f91a37c98155e2022-01-04 14:19:39.959root 11241100x80000000000000004280404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d493ebb1014e632022-01-04 14:19:40.459root 11241100x80000000000000004280405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c7331836bdd2822022-01-04 14:19:40.459root 11241100x80000000000000004280406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c06ceadc9f212582022-01-04 14:19:40.460root 11241100x80000000000000004280407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1484dfaeff914f92022-01-04 14:19:40.460root 11241100x80000000000000004280408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637f16b8da300aa42022-01-04 14:19:40.460root 11241100x80000000000000004280409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3a79d615bdcdc52022-01-04 14:19:40.460root 11241100x80000000000000004280410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f32b55e82c2c1a02022-01-04 14:19:40.959root 11241100x80000000000000004280411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d786caab2f7b5a792022-01-04 14:19:40.959root 11241100x80000000000000004280412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36842754540ccc302022-01-04 14:19:40.959root 11241100x80000000000000004280413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e517dc34e2019252022-01-04 14:19:40.959root 11241100x80000000000000004280414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed988f2f12488cfe2022-01-04 14:19:40.959root 11241100x80000000000000004280415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d582050733ae1c72022-01-04 14:19:40.959root 11241100x80000000000000004280416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967710db2b0366052022-01-04 14:19:41.459root 11241100x80000000000000004280417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850671b9e74b13452022-01-04 14:19:41.459root 11241100x80000000000000004280418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da700358ec3d4812022-01-04 14:19:41.460root 11241100x80000000000000004280419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f951cb6981dc28482022-01-04 14:19:41.460root 11241100x80000000000000004280420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd94314c14be2762022-01-04 14:19:41.460root 11241100x80000000000000004280421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52dc82073dfb1e62022-01-04 14:19:41.460root 11241100x80000000000000004280422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01163eda39be79182022-01-04 14:19:41.959root 11241100x80000000000000004280423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9188314a91e242d2022-01-04 14:19:41.960root 11241100x80000000000000004280424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146db41ab4a9a92c2022-01-04 14:19:41.960root 11241100x80000000000000004280425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c735ac28b2ec232022-01-04 14:19:41.960root 11241100x80000000000000004280426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9723701509b5102022-01-04 14:19:41.960root 11241100x80000000000000004280427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffefc8990a78b7452022-01-04 14:19:41.961root 354300x80000000000000004280428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.202{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41534-false10.0.1.12-8000- 11241100x80000000000000004280429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8743bf13c5943a972022-01-04 14:19:42.459root 11241100x80000000000000004280430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fed3abfa12b48452022-01-04 14:19:42.459root 11241100x80000000000000004280431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d50379c931c8cc12022-01-04 14:19:42.459root 11241100x80000000000000004280432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8273f3022136d822022-01-04 14:19:42.459root 11241100x80000000000000004280433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2125a85e8f5288972022-01-04 14:19:42.460root 11241100x80000000000000004280434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a1c01c90363cf52022-01-04 14:19:42.460root 11241100x80000000000000004280435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7ed347865b5f5c2022-01-04 14:19:42.460root 11241100x80000000000000004280436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca75fb46548bbed92022-01-04 14:19:42.959root 11241100x80000000000000004280437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a554a9929d102b2022-01-04 14:19:42.959root 11241100x80000000000000004280438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fafa2993f88061f2022-01-04 14:19:42.959root 11241100x80000000000000004280439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb36f22d1dd5b272022-01-04 14:19:42.959root 11241100x80000000000000004280440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aaf4e14d8f99222022-01-04 14:19:42.960root 11241100x80000000000000004280441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b811e178271b24352022-01-04 14:19:42.960root 11241100x80000000000000004280442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb36437ecd880b052022-01-04 14:19:42.960root 11241100x80000000000000004280443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a4ad45fd9c2ca82022-01-04 14:19:43.459root 11241100x80000000000000004280444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c51f3b39fa1dfbe2022-01-04 14:19:43.460root 11241100x80000000000000004280445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01817388f22258402022-01-04 14:19:43.460root 11241100x80000000000000004280446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03ab58ce9e335592022-01-04 14:19:43.460root 11241100x80000000000000004280447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d083eee0293cd82022-01-04 14:19:43.460root 11241100x80000000000000004280448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c02d4f9c3e51362022-01-04 14:19:43.460root 11241100x80000000000000004280449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34243f36f188a6622022-01-04 14:19:43.460root 11241100x80000000000000004280450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de052e709be3f41c2022-01-04 14:19:43.959root 11241100x80000000000000004280451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce9a915c7269da02022-01-04 14:19:43.959root 11241100x80000000000000004280452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6976bb89c545d80d2022-01-04 14:19:43.959root 11241100x80000000000000004280453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb9d4c7c2c47fbe2022-01-04 14:19:43.959root 11241100x80000000000000004280454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0131b27db1eb0712022-01-04 14:19:43.959root 11241100x80000000000000004280455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e996066b9c87882022-01-04 14:19:43.960root 11241100x80000000000000004280456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f190ba5c0e4fc5cd2022-01-04 14:19:43.960root 11241100x80000000000000004280457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0012fcbacce562212022-01-04 14:19:44.459root 11241100x80000000000000004280458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1481da0625148b2022-01-04 14:19:44.459root 11241100x80000000000000004280459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966366faf9101e7b2022-01-04 14:19:44.459root 11241100x80000000000000004280460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0259762fe6fa5f9e2022-01-04 14:19:44.459root 11241100x80000000000000004280461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aaebd1330ba3a82022-01-04 14:19:44.459root 11241100x80000000000000004280462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5ff47b3e8a5c2c2022-01-04 14:19:44.459root 11241100x80000000000000004280463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb478d804f2dc7e2022-01-04 14:19:44.460root 11241100x80000000000000004280464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec0c8914f8d0bfd2022-01-04 14:19:44.959root 11241100x80000000000000004280465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1ca8fbbb3819392022-01-04 14:19:44.959root 11241100x80000000000000004280466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7190c7e139820672022-01-04 14:19:44.959root 11241100x80000000000000004280467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad3ce16affa09fe2022-01-04 14:19:44.960root 11241100x80000000000000004280468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbbc96a5fe337612022-01-04 14:19:44.960root 11241100x80000000000000004280469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41df6a5626a835b72022-01-04 14:19:44.960root 11241100x80000000000000004280470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c0bdedca4ced632022-01-04 14:19:44.960root 11241100x80000000000000004280471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98c38048ff8536e2022-01-04 14:19:45.459root 11241100x80000000000000004280472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbbc1d69427c17e2022-01-04 14:19:45.459root 11241100x80000000000000004280473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5327ff18d27661492022-01-04 14:19:45.459root 11241100x80000000000000004280474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6737f99e5f2c4df52022-01-04 14:19:45.459root 11241100x80000000000000004280475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2607bf4bb49394c92022-01-04 14:19:45.459root 11241100x80000000000000004280476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf7b445016c6ea42022-01-04 14:19:45.460root 11241100x80000000000000004280477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc181f90195a30432022-01-04 14:19:45.460root 11241100x80000000000000004280478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733dc4c5420641b42022-01-04 14:19:45.959root 11241100x80000000000000004280479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f5da96ca907d212022-01-04 14:19:45.960root 11241100x80000000000000004280480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e84225aa78cbd702022-01-04 14:19:45.960root 11241100x80000000000000004280481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00724fc081ac5fda2022-01-04 14:19:45.960root 11241100x80000000000000004280482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f98c735f59da4fe2022-01-04 14:19:45.960root 11241100x80000000000000004280483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba385428cbd6caa2022-01-04 14:19:45.960root 11241100x80000000000000004280484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5835b41b777ea52022-01-04 14:19:45.960root 11241100x80000000000000004280485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dbd65c1d2cbeca2022-01-04 14:19:46.459root 11241100x80000000000000004280486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a8690f5d7949d22022-01-04 14:19:46.459root 11241100x80000000000000004280487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdac5e0c7693e4fe2022-01-04 14:19:46.459root 11241100x80000000000000004280488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d558ad92a8ea91632022-01-04 14:19:46.459root 11241100x80000000000000004280489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a60bae3a3a96d92022-01-04 14:19:46.459root 11241100x80000000000000004280490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb3bdd1f5488f42022-01-04 14:19:46.460root 11241100x80000000000000004280491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249e012bde94e46a2022-01-04 14:19:46.460root 11241100x80000000000000004280492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048e9ad01045ab842022-01-04 14:19:46.959root 11241100x80000000000000004280493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77bb3a5885f7c552022-01-04 14:19:46.959root 11241100x80000000000000004280494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6674a53779f16b272022-01-04 14:19:46.959root 11241100x80000000000000004280495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7542f446bc09eb2022-01-04 14:19:46.959root 11241100x80000000000000004280496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61db4bf31135e2ca2022-01-04 14:19:46.960root 11241100x80000000000000004280497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8744c15d2d9c94972022-01-04 14:19:46.960root 11241100x80000000000000004280498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49deb44588c13bd2022-01-04 14:19:46.960root 11241100x80000000000000004280499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a44941200e0e432022-01-04 14:19:47.459root 11241100x80000000000000004280500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfde591baa3c7de2022-01-04 14:19:47.459root 11241100x80000000000000004280501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada1655c33e767e22022-01-04 14:19:47.459root 11241100x80000000000000004280502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e8bef840429da42022-01-04 14:19:47.459root 11241100x80000000000000004280503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a9420e9e3917d92022-01-04 14:19:47.459root 11241100x80000000000000004280504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7370a462233a039a2022-01-04 14:19:47.459root 11241100x80000000000000004280505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b086b7091c929ab2022-01-04 14:19:47.460root 11241100x80000000000000004280506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85de1a0189b6889f2022-01-04 14:19:47.959root 11241100x80000000000000004280507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4e826a609876702022-01-04 14:19:47.959root 11241100x80000000000000004280508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259439a03bd137252022-01-04 14:19:47.959root 11241100x80000000000000004280509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c61e7fb00ce082022-01-04 14:19:47.959root 11241100x80000000000000004280510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95555bf21bf35cb52022-01-04 14:19:47.959root 11241100x80000000000000004280511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6449d2c0e7d278742022-01-04 14:19:47.959root 11241100x80000000000000004280512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3c964436b18a942022-01-04 14:19:47.960root 354300x80000000000000004280513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.098{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41536-false10.0.1.12-8000- 11241100x80000000000000004280514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5788340145d9202022-01-04 14:19:48.459root 11241100x80000000000000004280515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34eb76a3ff6e04c2022-01-04 14:19:48.459root 11241100x80000000000000004280516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392939d7ea3dc1da2022-01-04 14:19:48.459root 11241100x80000000000000004280517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa66a3e5d8a43f532022-01-04 14:19:48.459root 11241100x80000000000000004280518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31510a941041eb322022-01-04 14:19:48.459root 11241100x80000000000000004280519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4e1f9ff86715c52022-01-04 14:19:48.460root 11241100x80000000000000004280520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359cf4d9c3a51a832022-01-04 14:19:48.460root 11241100x80000000000000004280521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7fcc16dab08fe12022-01-04 14:19:48.460root 11241100x80000000000000004280522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c75b996b406ce02022-01-04 14:19:48.959root 11241100x80000000000000004280523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b8b48408207b3e2022-01-04 14:19:48.959root 11241100x80000000000000004280524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569261faa18538c62022-01-04 14:19:48.959root 11241100x80000000000000004280525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe983a8d9aa0c862022-01-04 14:19:48.959root 11241100x80000000000000004280526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b4a25b4278a91a2022-01-04 14:19:48.959root 11241100x80000000000000004280527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81934b18e06f428f2022-01-04 14:19:48.960root 11241100x80000000000000004280528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3b5bb2382e0f7d2022-01-04 14:19:48.960root 11241100x80000000000000004280529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6352b0935680252022-01-04 14:19:48.960root 11241100x80000000000000004280530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfeb6eb47d9cb9e2022-01-04 14:19:49.459root 11241100x80000000000000004280531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4841a9f3f91693ce2022-01-04 14:19:49.459root 11241100x80000000000000004280532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982ddccfa0964832022-01-04 14:19:49.459root 11241100x80000000000000004280533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d261d2e6bdea3bf2022-01-04 14:19:49.459root 11241100x80000000000000004280534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa2cecf14cc63a92022-01-04 14:19:49.459root 11241100x80000000000000004280535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caccdd5f5333418c2022-01-04 14:19:49.460root 11241100x80000000000000004280536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69ff3438590bec52022-01-04 14:19:49.460root 11241100x80000000000000004280537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dff682c836710b12022-01-04 14:19:49.460root 11241100x80000000000000004280538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eeff9502d222cca2022-01-04 14:19:49.959root 11241100x80000000000000004280539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba865e30a7bf5df2022-01-04 14:19:49.959root 11241100x80000000000000004280540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b35c13c1a453f42022-01-04 14:19:49.959root 11241100x80000000000000004280541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2fb9105e7591402022-01-04 14:19:49.959root 11241100x80000000000000004280542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9678323a2977ee2022-01-04 14:19:49.959root 11241100x80000000000000004280543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b49685cac05517d2022-01-04 14:19:49.960root 11241100x80000000000000004280544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6194076fc70d86d42022-01-04 14:19:49.960root 11241100x80000000000000004280545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0b2e658089ae5e2022-01-04 14:19:49.960root 11241100x80000000000000004280546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad54f9714853cb62022-01-04 14:19:50.460root 11241100x80000000000000004280547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d746fe3905071702022-01-04 14:19:50.460root 11241100x80000000000000004280548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3dd6b0ad35039e2022-01-04 14:19:50.460root 11241100x80000000000000004280549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ea290109ead42a2022-01-04 14:19:50.460root 11241100x80000000000000004280550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c684d2326b31a792022-01-04 14:19:50.460root 11241100x80000000000000004280551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8024fe81f253982022-01-04 14:19:50.460root 11241100x80000000000000004280552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51884b9f3f75ee8f2022-01-04 14:19:50.460root 11241100x80000000000000004280553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cb6d40009253092022-01-04 14:19:50.460root 11241100x80000000000000004280554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63adc48e44d22b472022-01-04 14:19:50.959root 11241100x80000000000000004280555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9bf255da0b0592022-01-04 14:19:50.959root 11241100x80000000000000004280556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2da63e97570d952022-01-04 14:19:50.959root 11241100x80000000000000004280557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b07b1701932b1232022-01-04 14:19:50.959root 11241100x80000000000000004280558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f1aeb3cfa13e5f2022-01-04 14:19:50.959root 11241100x80000000000000004280559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e24a97871157012022-01-04 14:19:50.960root 11241100x80000000000000004280560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f141b911517fbd2022-01-04 14:19:50.960root 11241100x80000000000000004280561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88729127ad7a96872022-01-04 14:19:50.960root 11241100x80000000000000004280562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6049fef62b1595a2022-01-04 14:19:51.459root 11241100x80000000000000004280563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8acb59ecab37a852022-01-04 14:19:51.459root 11241100x80000000000000004280564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72afd9cc1589ab0f2022-01-04 14:19:51.459root 11241100x80000000000000004280565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8015aa12ec7eb2e2022-01-04 14:19:51.459root 11241100x80000000000000004280566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aad43ab298009b02022-01-04 14:19:51.459root 11241100x80000000000000004280567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb4e873f91dc31e2022-01-04 14:19:51.460root 11241100x80000000000000004280568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8e0ffcd928d7b32022-01-04 14:19:51.460root 11241100x80000000000000004280569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf17cfb21567b9e2022-01-04 14:19:51.460root 11241100x80000000000000004280570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cab8b191b5feeab2022-01-04 14:19:51.959root 11241100x80000000000000004280571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfa1baef46c37f62022-01-04 14:19:51.959root 11241100x80000000000000004280572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a1f7473922c972022-01-04 14:19:51.959root 11241100x80000000000000004280573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c5b83a75635b512022-01-04 14:19:51.959root 11241100x80000000000000004280574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e772db86b0b0d82022-01-04 14:19:51.960root 11241100x80000000000000004280575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023a76388b586a062022-01-04 14:19:51.960root 11241100x80000000000000004280576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440cc23a6faeb0dd2022-01-04 14:19:51.960root 11241100x80000000000000004280577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9914b6988bf18d2022-01-04 14:19:51.960root 11241100x80000000000000004280578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820467c6b923de492022-01-04 14:19:52.459root 11241100x80000000000000004280579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2da30e4fe5549a52022-01-04 14:19:52.459root 11241100x80000000000000004280580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f782fa34d0142262022-01-04 14:19:52.459root 11241100x80000000000000004280581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb11e7ab2307c68f2022-01-04 14:19:52.459root 11241100x80000000000000004280582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd24be24a3b5072022-01-04 14:19:52.459root 11241100x80000000000000004280583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89aafa7a38607f12022-01-04 14:19:52.459root 11241100x80000000000000004280584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a85b6414738a172022-01-04 14:19:52.460root 11241100x80000000000000004280585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fdb3cb2ad2bfb02022-01-04 14:19:52.460root 11241100x80000000000000004280586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4926643250f5552022-01-04 14:19:52.959root 11241100x80000000000000004280587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b4b3cda5a492002022-01-04 14:19:52.959root 11241100x80000000000000004280588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176eddb97a75108a2022-01-04 14:19:52.959root 11241100x80000000000000004280589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d6b1d4b00cdb6f2022-01-04 14:19:52.959root 11241100x80000000000000004280590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bc3d17caac34bf2022-01-04 14:19:52.959root 11241100x80000000000000004280591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bcb406803942632022-01-04 14:19:52.960root 11241100x80000000000000004280592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda460b56e80c8df2022-01-04 14:19:52.960root 11241100x80000000000000004280593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee31e9ee5a4e496d2022-01-04 14:19:52.960root 354300x80000000000000004280594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.165{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41538-false10.0.1.12-8000- 11241100x80000000000000004280595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c8342ec00f4bc72022-01-04 14:19:53.459root 11241100x80000000000000004280596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111e279142bc5f202022-01-04 14:19:53.459root 11241100x80000000000000004280597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b922e726abbbb61b2022-01-04 14:19:53.459root 11241100x80000000000000004280598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6542542fd28f70102022-01-04 14:19:53.459root 11241100x80000000000000004280599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e921402119ffe22022-01-04 14:19:53.459root 11241100x80000000000000004280600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d606456278855a542022-01-04 14:19:53.460root 11241100x80000000000000004280601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e98c4fecb37e892022-01-04 14:19:53.460root 11241100x80000000000000004280602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b8879c3df987512022-01-04 14:19:53.460root 11241100x80000000000000004280603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdea142672bb9642022-01-04 14:19:53.460root 11241100x80000000000000004280604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e094735b3d4878fb2022-01-04 14:19:53.959root 11241100x80000000000000004280605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520c0ec041f041f42022-01-04 14:19:53.959root 11241100x80000000000000004280606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4212866dd03dd8782022-01-04 14:19:53.959root 11241100x80000000000000004280607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e922d95572de9e2022-01-04 14:19:53.959root 11241100x80000000000000004280608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2374b4c499e06112022-01-04 14:19:53.959root 11241100x80000000000000004280609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ede203a44390172022-01-04 14:19:53.959root 11241100x80000000000000004280610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e064e8a1d299792022-01-04 14:19:53.960root 11241100x80000000000000004280611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cdbaf722d84f782022-01-04 14:19:53.960root 11241100x80000000000000004280612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7757c9b642fbc22022-01-04 14:19:53.960root 11241100x80000000000000004280613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f5e86c6e524ced2022-01-04 14:19:54.459root 11241100x80000000000000004280614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83642f6e082ce462022-01-04 14:19:54.459root 11241100x80000000000000004280615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7546fe41ca936a2022-01-04 14:19:54.459root 11241100x80000000000000004280616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c059cc0b0331592022-01-04 14:19:54.459root 11241100x80000000000000004280617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c369e44c377d12022-01-04 14:19:54.460root 11241100x80000000000000004280618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504a027a3825cded2022-01-04 14:19:54.460root 11241100x80000000000000004280619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe39695bd100a2ff2022-01-04 14:19:54.460root 11241100x80000000000000004280620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ec69b2b934baa62022-01-04 14:19:54.460root 11241100x80000000000000004280621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538958f100f3d88a2022-01-04 14:19:54.460root 154100x80000000000000004280622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.896{ec2e79f3-578a-61d4-e876-5f8e9c550000}14992/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2e79f3-575f-61d4-e803-000000000000}100037no level-{ec2e79f3-575f-61d4-0844-b7e58b550000}14975/bin/bash-bashubuntu 11241100x80000000000000004280623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.898{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a196e07c99ed69c22022-01-04 14:19:54.898root 11241100x80000000000000004280624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.898{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e96289269faa482022-01-04 14:19:54.898root 11241100x80000000000000004280625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.898{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3042b3103238eaf2022-01-04 14:19:54.898root 11241100x80000000000000004280626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.898{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb400d682a4b1aa2022-01-04 14:19:54.898root 11241100x80000000000000004280627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296d15e14658d3fc2022-01-04 14:19:54.899root 11241100x80000000000000004280628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45099311227fc5b2022-01-04 14:19:54.899root 534500x80000000000000004280629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-578a-61d4-e876-5f8e9c550000}14992/bin/lsubuntu 11241100x80000000000000004280630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0baec7ee1ed6f7d62022-01-04 14:19:54.899root 11241100x80000000000000004280631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d629eee5c3734a2022-01-04 14:19:54.899root 11241100x80000000000000004280632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d326cffd0ebb1dfe2022-01-04 14:19:54.899root 11241100x80000000000000004280633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:54.899{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c48316fa9d702f72022-01-04 14:19:54.899root 11241100x80000000000000004280634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4baf16dfd4b43a772022-01-04 14:19:55.209root 11241100x80000000000000004280635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04965f9edac497eb2022-01-04 14:19:55.209root 11241100x80000000000000004280636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48384aab3b88453f2022-01-04 14:19:55.209root 11241100x80000000000000004280637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9728f176a2a0172022-01-04 14:19:55.209root 11241100x80000000000000004280638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d85ff42ac1cd4452022-01-04 14:19:55.209root 11241100x80000000000000004280639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8853bfc7ec9a762022-01-04 14:19:55.210root 11241100x80000000000000004280640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747bfc9ec9ddbddd2022-01-04 14:19:55.210root 11241100x80000000000000004280641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af285a95ecc0ca692022-01-04 14:19:55.210root 11241100x80000000000000004280642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cd01bc50ee7d282022-01-04 14:19:55.210root 11241100x80000000000000004280643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e2f46ad59cab0a2022-01-04 14:19:55.210root 11241100x80000000000000004280644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a8bcd822ebbb752022-01-04 14:19:55.210root 11241100x80000000000000004280645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b29a37e497528b2022-01-04 14:19:55.709root 11241100x80000000000000004280646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1feb39251f5dff602022-01-04 14:19:55.710root 11241100x80000000000000004280647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceaa1e25c4ac59f2022-01-04 14:19:55.710root 11241100x80000000000000004280648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88593add7e66af012022-01-04 14:19:55.710root 11241100x80000000000000004280649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c508824f4f7072de2022-01-04 14:19:55.710root 11241100x80000000000000004280650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757a57a507fcfae52022-01-04 14:19:55.710root 11241100x80000000000000004280651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7eec618c521512022-01-04 14:19:55.710root 11241100x80000000000000004280652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b91d00ad4143582022-01-04 14:19:55.710root 11241100x80000000000000004280653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c006337e53c94812022-01-04 14:19:55.710root 11241100x80000000000000004280654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bca46fa91dcc3a2022-01-04 14:19:55.710root 11241100x80000000000000004280655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea8c8888ded105f2022-01-04 14:19:55.710root 11241100x80000000000000004280656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b697bad89d8a05512022-01-04 14:19:56.209root 11241100x80000000000000004280657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52af8d810c3414ff2022-01-04 14:19:56.209root 11241100x80000000000000004280658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7282987fbfe7b9df2022-01-04 14:19:56.210root 11241100x80000000000000004280659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d46332698c3c242022-01-04 14:19:56.210root 11241100x80000000000000004280660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac3c29b60d80102022-01-04 14:19:56.210root 11241100x80000000000000004280661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af20a1d3ce81d07f2022-01-04 14:19:56.210root 11241100x80000000000000004280662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4215376d3352530c2022-01-04 14:19:56.210root 11241100x80000000000000004280663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b008f76f3ec93d2022-01-04 14:19:56.210root 11241100x80000000000000004280664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2e95d4544920232022-01-04 14:19:56.210root 11241100x80000000000000004280665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d268c018e76d9d2022-01-04 14:19:56.211root 11241100x80000000000000004280666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055e081e4ecfd7d82022-01-04 14:19:56.211root 11241100x80000000000000004280667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424f999715cf32012022-01-04 14:19:56.709root 11241100x80000000000000004280668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd56318ad88639c2022-01-04 14:19:56.710root 11241100x80000000000000004280669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8963980f0d6400862022-01-04 14:19:56.710root 11241100x80000000000000004280670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b5607604c977212022-01-04 14:19:56.710root 11241100x80000000000000004280671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de788ef53a11dd432022-01-04 14:19:56.710root 11241100x80000000000000004280672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5be662cf98db9e2022-01-04 14:19:56.710root 11241100x80000000000000004280673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d468e86eed27e62022-01-04 14:19:56.710root 11241100x80000000000000004280674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e122d2747802f22022-01-04 14:19:56.710root 11241100x80000000000000004280675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80ea30dcb5baf012022-01-04 14:19:56.710root 11241100x80000000000000004280676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacfffb2d9e3dff72022-01-04 14:19:56.711root 11241100x80000000000000004280677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7b54996c289a792022-01-04 14:19:56.711root 11241100x80000000000000004280678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad540ead784774c2022-01-04 14:19:57.209root 11241100x80000000000000004280679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373110772da585b52022-01-04 14:19:57.209root 11241100x80000000000000004280680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4207309e390daa2022-01-04 14:19:57.210root 11241100x80000000000000004280681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e19740147a3c8d2022-01-04 14:19:57.210root 11241100x80000000000000004280682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939dcdf1f3c037f92022-01-04 14:19:57.210root 11241100x80000000000000004280683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a18f441066b9a92022-01-04 14:19:57.210root 11241100x80000000000000004280684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e70adc3cb75142022-01-04 14:19:57.210root 11241100x80000000000000004280685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00ad267f622ff9e2022-01-04 14:19:57.210root 11241100x80000000000000004280686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044fe22b3ba2df962022-01-04 14:19:57.210root 11241100x80000000000000004280687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5972f27533a231602022-01-04 14:19:57.210root 11241100x80000000000000004280688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07091ca0c78d1c8e2022-01-04 14:19:57.210root 11241100x80000000000000004280689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5269a60c757db2a42022-01-04 14:19:57.709root 11241100x80000000000000004280690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7c75f38b5b02ef2022-01-04 14:19:57.710root 11241100x80000000000000004280691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28eeac6c8c029bb2022-01-04 14:19:57.710root 11241100x80000000000000004280692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0318547c1cbb8c2022-01-04 14:19:57.710root 11241100x80000000000000004280693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405f6ec1b1d032662022-01-04 14:19:57.710root 11241100x80000000000000004280694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a355e441324c0f82022-01-04 14:19:57.710root 11241100x80000000000000004280695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b099f6ae08b978b2022-01-04 14:19:57.710root 11241100x80000000000000004280696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bebe87336314132022-01-04 14:19:57.710root 11241100x80000000000000004280697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e640d78303edbab2022-01-04 14:19:57.711root 11241100x80000000000000004280698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d34386cee6e4402022-01-04 14:19:57.711root 11241100x80000000000000004280699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff59644ee0c4619e2022-01-04 14:19:57.711root 11241100x80000000000000004280700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc3033d12b72fa62022-01-04 14:19:58.209root 11241100x80000000000000004280701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c198cf7ce49da5d12022-01-04 14:19:58.209root 11241100x80000000000000004280702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b2e2524f23f4e22022-01-04 14:19:58.209root 11241100x80000000000000004280703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae61d0d9d44e188e2022-01-04 14:19:58.210root 11241100x80000000000000004280704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dece0ada102578bd2022-01-04 14:19:58.210root 11241100x80000000000000004280705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43fb81a8e0b1e9f2022-01-04 14:19:58.210root 11241100x80000000000000004280706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeb4d2c921b22162022-01-04 14:19:58.210root 11241100x80000000000000004280707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace86469441dbf372022-01-04 14:19:58.210root 11241100x80000000000000004280708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d52f5b5250b08f2022-01-04 14:19:58.210root 11241100x80000000000000004280709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ee128fc571858e2022-01-04 14:19:58.210root 11241100x80000000000000004280710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af54121024aa23f62022-01-04 14:19:58.210root 11241100x80000000000000004280711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1870513cc13f6d52022-01-04 14:19:58.709root 11241100x80000000000000004280712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f593009498094c882022-01-04 14:19:58.712root 11241100x80000000000000004280713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357441656c6e71bd2022-01-04 14:19:58.712root 11241100x80000000000000004280714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934bf4b407b67b032022-01-04 14:19:58.712root 11241100x80000000000000004280715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb399d3eb75de4282022-01-04 14:19:58.713root 11241100x80000000000000004280716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2d8b11d65e608c2022-01-04 14:19:58.714root 11241100x80000000000000004280717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58c3496ee1cf3622022-01-04 14:19:58.714root 11241100x80000000000000004280718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89aa57b5f3408ac2022-01-04 14:19:58.714root 11241100x80000000000000004280719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5994dfbc2e1797352022-01-04 14:19:58.714root 11241100x80000000000000004280720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c0da908e8ae1f02022-01-04 14:19:58.714root 11241100x80000000000000004280721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a4195f4cb1cbff2022-01-04 14:19:58.714root 354300x80000000000000004280722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.090{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41540-false10.0.1.12-8000- 11241100x80000000000000004280723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.091{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28100c53109d02922022-01-04 14:19:59.091root 11241100x80000000000000004280724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.091{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0ad7e3da297b1d2022-01-04 14:19:59.091root 11241100x80000000000000004280725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39929d1cf7186d482022-01-04 14:19:59.092root 11241100x80000000000000004280726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1aa686c4891e8482022-01-04 14:19:59.092root 11241100x80000000000000004280727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a9e211964bf45f2022-01-04 14:19:59.092root 11241100x80000000000000004280728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7ad200cb91bf212022-01-04 14:19:59.092root 11241100x80000000000000004280729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4811b0ce8562f272022-01-04 14:19:59.092root 11241100x80000000000000004280730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.092{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a68b7b7bb2e21012022-01-04 14:19:59.092root 11241100x80000000000000004280731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.093{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4facd2a8ae622a9d2022-01-04 14:19:59.093root 11241100x80000000000000004280732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.093{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a6c5506396f1122022-01-04 14:19:59.093root 11241100x80000000000000004280733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.093{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea1f8839d3c59e52022-01-04 14:19:59.093root 11241100x80000000000000004280734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.093{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22b367fd535915b2022-01-04 14:19:59.093root 11241100x80000000000000004280735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f84bac6c9cdac52022-01-04 14:19:59.459root 11241100x80000000000000004280736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d294061ba25a9d2022-01-04 14:19:59.459root 11241100x80000000000000004280737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d905dfa9106bc3862022-01-04 14:19:59.459root 11241100x80000000000000004280738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82111e19822cca102022-01-04 14:19:59.459root 11241100x80000000000000004280739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a64142dccf8400b2022-01-04 14:19:59.459root 11241100x80000000000000004280740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f18e6da06a92702022-01-04 14:19:59.460root 11241100x80000000000000004280741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f0f41514385d082022-01-04 14:19:59.460root 11241100x80000000000000004280742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cfc1fd4c17605c2022-01-04 14:19:59.460root 11241100x80000000000000004280743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f8216d346273542022-01-04 14:19:59.460root 11241100x80000000000000004280744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e5552abf9c50352022-01-04 14:19:59.460root 11241100x80000000000000004280745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb9a0c07a95c2f2022-01-04 14:19:59.460root 11241100x80000000000000004280746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05f3b0649511a132022-01-04 14:19:59.460root 11241100x80000000000000004280747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90868aac012dbedd2022-01-04 14:19:59.959root 11241100x80000000000000004280748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a363955305254b2022-01-04 14:19:59.959root 11241100x80000000000000004280749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dda22fed2e7bd362022-01-04 14:19:59.960root 11241100x80000000000000004280750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfad11672fae45222022-01-04 14:19:59.960root 11241100x80000000000000004280751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f4a362a40accca2022-01-04 14:19:59.960root 11241100x80000000000000004280752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39cc768f89080652022-01-04 14:19:59.960root 11241100x80000000000000004280753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac4c005b70082f12022-01-04 14:19:59.961root 11241100x80000000000000004280754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66138a76d7dc4b0f2022-01-04 14:19:59.961root 11241100x80000000000000004280755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc4e78b34686cc62022-01-04 14:19:59.961root 11241100x80000000000000004280756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bc0d1afed946442022-01-04 14:19:59.961root 11241100x80000000000000004280757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa391b52f7d00f632022-01-04 14:19:59.961root 11241100x80000000000000004280758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:19:59.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdc868563a927812022-01-04 14:19:59.961root 11241100x80000000000000004280759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed44c474b6fc7aa2022-01-04 14:20:00.460root 11241100x80000000000000004280760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b713a37ec312e12022-01-04 14:20:00.460root 11241100x80000000000000004280761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621455ef6563b9ba2022-01-04 14:20:00.460root 11241100x80000000000000004280762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2517f0cbb05243482022-01-04 14:20:00.460root 11241100x80000000000000004280763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc62bfd3b449cbfa2022-01-04 14:20:00.460root 11241100x80000000000000004280764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8a20573b1740ec2022-01-04 14:20:00.460root 11241100x80000000000000004280765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e90c1e75186c332022-01-04 14:20:00.460root 11241100x80000000000000004280766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb01fd3254a96f52022-01-04 14:20:00.460root 11241100x80000000000000004280767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0191b4cfd6721f102022-01-04 14:20:00.460root 11241100x80000000000000004280768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec55f2c9dac139d2022-01-04 14:20:00.461root 11241100x80000000000000004280769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca74b6ff12b794622022-01-04 14:20:00.461root 11241100x80000000000000004280770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de1834760267a8d2022-01-04 14:20:00.461root 11241100x80000000000000004280771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f62988f4bc1b9f62022-01-04 14:20:00.959root 11241100x80000000000000004280772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2af8def7e4a0242022-01-04 14:20:00.959root 11241100x80000000000000004280773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d077655c58e8a62022-01-04 14:20:00.960root 11241100x80000000000000004280774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393917a112e35eda2022-01-04 14:20:00.960root 11241100x80000000000000004280775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e72c03c68d5e712022-01-04 14:20:00.960root 11241100x80000000000000004280776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92adc81ef21dd5e72022-01-04 14:20:00.960root 11241100x80000000000000004280777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69f1b9725a8de802022-01-04 14:20:00.960root 11241100x80000000000000004280778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4559408bdb54d22022-01-04 14:20:00.960root 11241100x80000000000000004280779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e04e8be48c6f222022-01-04 14:20:00.960root 11241100x80000000000000004280780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ea3140b71bb4cd2022-01-04 14:20:00.960root 11241100x80000000000000004280781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043b11fc50fe3f5f2022-01-04 14:20:00.960root 11241100x80000000000000004280782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:00.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4824d72ccf23882022-01-04 14:20:00.960root 11241100x80000000000000004280783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-04 14:20:01.221root 11241100x80000000000000004280784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fdbe1a0c9398372022-01-04 14:20:01.222root 11241100x80000000000000004280785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaf0561fbec9a062022-01-04 14:20:01.222root 11241100x80000000000000004280786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85f032d1d8db4ba2022-01-04 14:20:01.223root 11241100x80000000000000004280787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cded1b6aa5cea812022-01-04 14:20:01.223root 11241100x80000000000000004280788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd777e47d41bf0892022-01-04 14:20:01.223root 11241100x80000000000000004280789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb07f539920e0972022-01-04 14:20:01.223root 11241100x80000000000000004280790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604cb9fd2e6feb7b2022-01-04 14:20:01.223root 11241100x80000000000000004280791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8394ad1412d492782022-01-04 14:20:01.223root 11241100x80000000000000004280792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffd2048ff38e1f42022-01-04 14:20:01.223root 11241100x80000000000000004280793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0e85d0c209483b2022-01-04 14:20:01.223root 11241100x80000000000000004280794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b9d41188778d642022-01-04 14:20:01.224root 11241100x80000000000000004280795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affe56f37cf769e92022-01-04 14:20:01.224root 11241100x80000000000000004280796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688f49a58061dc732022-01-04 14:20:01.224root 11241100x80000000000000004280797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb3826e0bbd788a2022-01-04 14:20:01.709root 11241100x80000000000000004280798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3550d21599c82b4b2022-01-04 14:20:01.709root 11241100x80000000000000004280799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d4de291684e80c2022-01-04 14:20:01.709root 11241100x80000000000000004280800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f156bb17f579b52022-01-04 14:20:01.709root 11241100x80000000000000004280801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9501c6bb266c98762022-01-04 14:20:01.709root 11241100x80000000000000004280802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5da819ad92acd4b2022-01-04 14:20:01.710root 11241100x80000000000000004280803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9da3713325f45192022-01-04 14:20:01.710root 11241100x80000000000000004280804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce468dab3b7a55d2022-01-04 14:20:01.711root 11241100x80000000000000004280805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19303d8ca53ed4c2022-01-04 14:20:01.711root 11241100x80000000000000004280806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc522bf03dc7c3b52022-01-04 14:20:01.711root 11241100x80000000000000004280807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6076c64fc6f47a402022-01-04 14:20:01.711root 11241100x80000000000000004280808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c2502caf1050222022-01-04 14:20:01.711root 11241100x80000000000000004280809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:01.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f168fa10a9d1fbf82022-01-04 14:20:01.712root 11241100x80000000000000004280810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a74d0b0231ef9e32022-01-04 14:20:02.209root 11241100x80000000000000004280811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b90e19ef53decb2022-01-04 14:20:02.209root 11241100x80000000000000004280812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df63b0743b3e66dd2022-01-04 14:20:02.209root 11241100x80000000000000004280813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1231df685cfcd12022-01-04 14:20:02.209root 11241100x80000000000000004280814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23147f03f0ddf992022-01-04 14:20:02.210root 11241100x80000000000000004280815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f4816860f4265f2022-01-04 14:20:02.210root 11241100x80000000000000004280816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c91cd1872dff0c2022-01-04 14:20:02.210root 11241100x80000000000000004280817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfefa4062d2838a2022-01-04 14:20:02.210root 11241100x80000000000000004280818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463789590733ec082022-01-04 14:20:02.210root 11241100x80000000000000004280819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a487104276574d422022-01-04 14:20:02.211root 11241100x80000000000000004280820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5e9a5de16279012022-01-04 14:20:02.211root 11241100x80000000000000004280821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c665f14b591e36e92022-01-04 14:20:02.211root 11241100x80000000000000004280822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fdafc55014c6c22022-01-04 14:20:02.211root 11241100x80000000000000004280823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a83d6f905b3d732022-01-04 14:20:02.709root 11241100x80000000000000004280824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecedcf258deaea3e2022-01-04 14:20:02.710root 11241100x80000000000000004280825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a26ec2b39bb0b0f2022-01-04 14:20:02.710root 11241100x80000000000000004280826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b407bf6a4e05772022-01-04 14:20:02.710root 11241100x80000000000000004280827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585a0ba68aa4d68e2022-01-04 14:20:02.711root 11241100x80000000000000004280828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc58bc2d6da805f52022-01-04 14:20:02.711root 11241100x80000000000000004280829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba15619f64c8d6aa2022-01-04 14:20:02.711root 11241100x80000000000000004280830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c9e62c4e9d058e2022-01-04 14:20:02.711root 11241100x80000000000000004280831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f42516187636c972022-01-04 14:20:02.712root 11241100x80000000000000004280832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb554aec024dfc32022-01-04 14:20:02.712root 11241100x80000000000000004280833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3297bfb82910a62022-01-04 14:20:02.712root 11241100x80000000000000004280834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b45af46eb57242022-01-04 14:20:02.712root 11241100x80000000000000004280835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:02.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015029853038887b2022-01-04 14:20:02.712root 11241100x80000000000000004280836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d3058ec705ca2e2022-01-04 14:20:03.209root 11241100x80000000000000004280837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becd64e81d69f86a2022-01-04 14:20:03.209root 11241100x80000000000000004280838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb0aec59b7c681b2022-01-04 14:20:03.210root 11241100x80000000000000004280839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6b97446a449d242022-01-04 14:20:03.210root 11241100x80000000000000004280840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6f21f2cf6029472022-01-04 14:20:03.210root 11241100x80000000000000004280841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011cd6ee64eed79d2022-01-04 14:20:03.210root 11241100x80000000000000004280842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be376467cc72e0002022-01-04 14:20:03.210root 11241100x80000000000000004280843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895aad718c6c42f92022-01-04 14:20:03.210root 11241100x80000000000000004280844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f0239c0310876e2022-01-04 14:20:03.210root 11241100x80000000000000004280845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51598f8fac6c54032022-01-04 14:20:03.210root 11241100x80000000000000004280846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e1229d7c48e772022-01-04 14:20:03.210root 11241100x80000000000000004280847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485b2a89775ece1c2022-01-04 14:20:03.210root 11241100x80000000000000004280848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a22fffd969dada2022-01-04 14:20:03.210root 11241100x80000000000000004280849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b8358dae5b03c52022-01-04 14:20:03.709root 11241100x80000000000000004280850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b020a452cdd5a5f2022-01-04 14:20:03.709root 11241100x80000000000000004280851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9a50f2eb42286d2022-01-04 14:20:03.709root 11241100x80000000000000004280852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872329fee04ba1fc2022-01-04 14:20:03.710root 11241100x80000000000000004280853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6532afce6388d62022-01-04 14:20:03.710root 11241100x80000000000000004280854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa4823ca7c1b4ef2022-01-04 14:20:03.710root 11241100x80000000000000004280855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f169469d5339cd2022-01-04 14:20:03.710root 11241100x80000000000000004280856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2da8df8c6db32452022-01-04 14:20:03.710root 11241100x80000000000000004280857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bae3c3a4c430f1c2022-01-04 14:20:03.711root 11241100x80000000000000004280858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdb3ac30ee4ac4c2022-01-04 14:20:03.711root 11241100x80000000000000004280859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5656e6c8e43eaa652022-01-04 14:20:03.711root 11241100x80000000000000004280860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bbcd327f9c3a392022-01-04 14:20:03.711root 11241100x80000000000000004280861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e61bd02365228122022-01-04 14:20:03.712root 354300x80000000000000004280862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.162{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41542-false10.0.1.12-8000- 11241100x80000000000000004280863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32a77d7fb8464c52022-01-04 14:20:04.163root 11241100x80000000000000004280864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5775ccad49c7312022-01-04 14:20:04.163root 11241100x80000000000000004280865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062144e9465b6bee2022-01-04 14:20:04.164root 11241100x80000000000000004280866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31680657db908c02022-01-04 14:20:04.164root 11241100x80000000000000004280867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182d6d8344abe5a92022-01-04 14:20:04.164root 11241100x80000000000000004280868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ab2410099b593c2022-01-04 14:20:04.164root 11241100x80000000000000004280869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132c0f52cf05a10b2022-01-04 14:20:04.164root 11241100x80000000000000004280870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8793c74207d078792022-01-04 14:20:04.164root 11241100x80000000000000004280871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0934e9699021bb6a2022-01-04 14:20:04.164root 11241100x80000000000000004280872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5683b52302a116992022-01-04 14:20:04.164root 11241100x80000000000000004280873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05abaef98b709eaf2022-01-04 14:20:04.165root 11241100x80000000000000004280874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871d59e55507227f2022-01-04 14:20:04.165root 11241100x80000000000000004280875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d40cb98cad89252022-01-04 14:20:04.165root 11241100x80000000000000004280876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f03a95b9b2fa972022-01-04 14:20:04.165root 11241100x80000000000000004280877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6abfcf23993e2e2022-01-04 14:20:04.165root 23542300x80000000000000004280878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004280879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0a0d9061872ae72022-01-04 14:20:04.460root 11241100x80000000000000004280880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f01dde87a7cc0a62022-01-04 14:20:04.460root 11241100x80000000000000004280881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb28bcc59510727a2022-01-04 14:20:04.460root 11241100x80000000000000004280882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be17e9bfbbcc58a2022-01-04 14:20:04.460root 11241100x80000000000000004280883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bdbc14ed0d9c552022-01-04 14:20:04.460root 11241100x80000000000000004280884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c187e411bbd8e62022-01-04 14:20:04.460root 11241100x80000000000000004280885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fb5483768bcee72022-01-04 14:20:04.460root 11241100x80000000000000004280886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cc34c03e9c75ac2022-01-04 14:20:04.460root 11241100x80000000000000004280887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b4d07e37e51aa32022-01-04 14:20:04.460root 11241100x80000000000000004280888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc6baab6ce4b762022-01-04 14:20:04.461root 11241100x80000000000000004280889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf6ae4b4dbd2de32022-01-04 14:20:04.461root 11241100x80000000000000004280890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd81c33b0ca262072022-01-04 14:20:04.461root 11241100x80000000000000004280891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e846ba5ca086a2022-01-04 14:20:04.461root 11241100x80000000000000004280892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402ee641d338afc42022-01-04 14:20:04.461root 11241100x80000000000000004280893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fbdcd7ac835a742022-01-04 14:20:04.461root 11241100x80000000000000004280894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07325803ae71fb92022-01-04 14:20:04.959root 11241100x80000000000000004280895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d1ddc92167af472022-01-04 14:20:04.960root 11241100x80000000000000004280896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f895e13fb00fa8092022-01-04 14:20:04.960root 11241100x80000000000000004280897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bdfffd2600a9752022-01-04 14:20:04.960root 11241100x80000000000000004280898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a843bed036bc87cb2022-01-04 14:20:04.960root 11241100x80000000000000004280899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863d5f2034eefd912022-01-04 14:20:04.960root 11241100x80000000000000004280900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff2f9c31853ac122022-01-04 14:20:04.960root 11241100x80000000000000004280901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a81578d411af4792022-01-04 14:20:04.960root 11241100x80000000000000004280902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3745d1dd147af59b2022-01-04 14:20:04.960root 11241100x80000000000000004280903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dd56c7d7d7316d2022-01-04 14:20:04.961root 11241100x80000000000000004280904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279f2d74ec08baa52022-01-04 14:20:04.961root 11241100x80000000000000004280905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73be0d38b9f3a9fd2022-01-04 14:20:04.961root 11241100x80000000000000004280906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664d18a8362dd4e92022-01-04 14:20:04.961root 11241100x80000000000000004280907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb681751c07ff6212022-01-04 14:20:04.961root 11241100x80000000000000004280908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:04.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e74e2c744689ffc2022-01-04 14:20:04.961root 11241100x80000000000000004280909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b115472b8d97d02022-01-04 14:20:05.460root 11241100x80000000000000004280910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50508e53483f95ce2022-01-04 14:20:05.460root 11241100x80000000000000004280911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf62e7690a6a316c2022-01-04 14:20:05.460root 11241100x80000000000000004280912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e06402125f0274c2022-01-04 14:20:05.460root 11241100x80000000000000004280913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f330d717e19788662022-01-04 14:20:05.460root 11241100x80000000000000004280914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7019e3e664437702022-01-04 14:20:05.460root 11241100x80000000000000004280915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413745288f2aba742022-01-04 14:20:05.460root 11241100x80000000000000004280916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca3cac7eb898fda2022-01-04 14:20:05.460root 11241100x80000000000000004280917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d765d6ed1ddfc9462022-01-04 14:20:05.461root 11241100x80000000000000004280918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b879dd063a4d9a612022-01-04 14:20:05.461root 11241100x80000000000000004280919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0d27de2dd7ad742022-01-04 14:20:05.461root 11241100x80000000000000004280920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882c814aa7a687c62022-01-04 14:20:05.461root 11241100x80000000000000004280921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e93b79a5da7590b2022-01-04 14:20:05.461root 11241100x80000000000000004280922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f999c5cb4d5254c32022-01-04 14:20:05.461root 11241100x80000000000000004280923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa7f6e55e444db72022-01-04 14:20:05.461root 11241100x80000000000000004280924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0ba9ae4de6b3d22022-01-04 14:20:05.960root 11241100x80000000000000004280925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1d661cc5cfbfb2022-01-04 14:20:05.960root 11241100x80000000000000004280926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e7aca0186e5482022-01-04 14:20:05.960root 11241100x80000000000000004280927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d446ef4ef7cbc92022-01-04 14:20:05.960root 11241100x80000000000000004280928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66ab681f774fb52022-01-04 14:20:05.960root 11241100x80000000000000004280929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab1ff35e51b15702022-01-04 14:20:05.960root 11241100x80000000000000004280930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f014ab6b6a9c01dc2022-01-04 14:20:05.960root 11241100x80000000000000004280931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52caaf0488793e32022-01-04 14:20:05.960root 11241100x80000000000000004280932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc1f9b1b9559e862022-01-04 14:20:05.960root 11241100x80000000000000004280933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6492d457d1f1f2f72022-01-04 14:20:05.960root 11241100x80000000000000004280934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d653ce3d2e321552022-01-04 14:20:05.960root 11241100x80000000000000004280935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a789d88e424e2d32022-01-04 14:20:05.960root 11241100x80000000000000004280936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7852e2fef31ead8b2022-01-04 14:20:05.961root 11241100x80000000000000004280937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141126136f36a5492022-01-04 14:20:05.961root 11241100x80000000000000004280938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:05.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae330075538a5fe92022-01-04 14:20:05.961root 11241100x80000000000000004280939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cdd0cfaa2000572022-01-04 14:20:06.459root 11241100x80000000000000004280940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f1b0a34f3505582022-01-04 14:20:06.460root 11241100x80000000000000004280941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dbabc6bc6c1c022022-01-04 14:20:06.460root 11241100x80000000000000004280942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca4dd21d6bce3482022-01-04 14:20:06.460root 11241100x80000000000000004280943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8742ff68e9c78c12022-01-04 14:20:06.460root 11241100x80000000000000004280944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a2bbd1b12b57fc2022-01-04 14:20:06.460root 11241100x80000000000000004280945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfcb0093a4c089e2022-01-04 14:20:06.460root 11241100x80000000000000004280946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc17a773a62bbf02022-01-04 14:20:06.460root 11241100x80000000000000004280947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0867e4d6691fa68e2022-01-04 14:20:06.460root 11241100x80000000000000004280948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfe379049bdc05e2022-01-04 14:20:06.460root 11241100x80000000000000004280949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75a90b849d703ff2022-01-04 14:20:06.461root 11241100x80000000000000004280950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2868f9b47bf908232022-01-04 14:20:06.461root 11241100x80000000000000004280951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484785336c181de72022-01-04 14:20:06.461root 11241100x80000000000000004280952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdca361e64231eee2022-01-04 14:20:06.461root 11241100x80000000000000004280953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db198f98e83dae4e2022-01-04 14:20:06.461root 154100x80000000000000004280954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.855{ec2e79f3-5796-61d4-6874-315d0a560000}14993/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000004280955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9252252ddba3c2022-01-04 14:20:06.856root 11241100x80000000000000004280956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d293ae1a075b70d12022-01-04 14:20:06.856root 11241100x80000000000000004280957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d099590e2f785742022-01-04 14:20:06.856root 11241100x80000000000000004280958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be622d3265614b22022-01-04 14:20:06.856root 11241100x80000000000000004280959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0faf4a4d9192c62022-01-04 14:20:06.856root 11241100x80000000000000004280960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad168a0bc06b23b2022-01-04 14:20:06.856root 11241100x80000000000000004280961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.856{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a77a18d160b4732022-01-04 14:20:06.856root 11241100x80000000000000004280962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f859f89f4a448b7f2022-01-04 14:20:06.857root 11241100x80000000000000004280963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ecc214f12516ea2022-01-04 14:20:06.857root 11241100x80000000000000004280964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637f972447858ab42022-01-04 14:20:06.857root 11241100x80000000000000004280965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcc21c2f42207e02022-01-04 14:20:06.857root 11241100x80000000000000004280966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98b11b066c0bbd22022-01-04 14:20:06.857root 11241100x80000000000000004280967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d7bc111621c0572022-01-04 14:20:06.857root 11241100x80000000000000004280968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be863d4efc40c2982022-01-04 14:20:06.857root 11241100x80000000000000004280969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813a156a841d24cb2022-01-04 14:20:06.857root 11241100x80000000000000004280970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.857{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a5542ff603a7342022-01-04 14:20:06.857root 534500x80000000000000004280971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:06.868{ec2e79f3-5796-61d4-6874-315d0a560000}14993/bin/psroot 11241100x80000000000000004280972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22d70f85b1b9b742022-01-04 14:20:07.209root 11241100x80000000000000004280973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77345669c5aeadbe2022-01-04 14:20:07.209root 11241100x80000000000000004280974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883ef20b80fe4a2a2022-01-04 14:20:07.209root 11241100x80000000000000004280975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e222ffdccdcfdf5a2022-01-04 14:20:07.209root 11241100x80000000000000004280976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b862bf06d6238b872022-01-04 14:20:07.210root 11241100x80000000000000004280977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994ae701fb7501cb2022-01-04 14:20:07.210root 11241100x80000000000000004280978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06685a06f94766632022-01-04 14:20:07.210root 11241100x80000000000000004280979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c051f28ea415d2022-01-04 14:20:07.210root 11241100x80000000000000004280980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66073a2f75dc7a92022-01-04 14:20:07.210root 11241100x80000000000000004280981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe3b8531a93aab2022-01-04 14:20:07.210root 11241100x80000000000000004280982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2c156108bf8da82022-01-04 14:20:07.210root 11241100x80000000000000004280983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434b3df695502d3e2022-01-04 14:20:07.210root 11241100x80000000000000004280984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f92ec7447d222b62022-01-04 14:20:07.210root 11241100x80000000000000004280985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb882d91f37544b2022-01-04 14:20:07.210root 11241100x80000000000000004280986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39070879e30d19d82022-01-04 14:20:07.210root 11241100x80000000000000004280987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2c3f2ebabc434d2022-01-04 14:20:07.210root 11241100x80000000000000004280988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3631f1b92e68df12022-01-04 14:20:07.210root 11241100x80000000000000004280989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31424d95e1efaba92022-01-04 14:20:07.710root 11241100x80000000000000004280990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f678f8ac56b99092022-01-04 14:20:07.710root 11241100x80000000000000004280991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7266f7ec61623c282022-01-04 14:20:07.711root 11241100x80000000000000004280992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de42765e1b5fd712022-01-04 14:20:07.711root 11241100x80000000000000004280993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b5bfe8a9a59d562022-01-04 14:20:07.711root 11241100x80000000000000004280994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa3f50bb3db7c4e2022-01-04 14:20:07.711root 11241100x80000000000000004280995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82204381215963f42022-01-04 14:20:07.712root 11241100x80000000000000004280996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54acdaf50446645a2022-01-04 14:20:07.712root 11241100x80000000000000004280997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7db407174b3fcde2022-01-04 14:20:07.712root 11241100x80000000000000004280998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384c68a8b076e1e72022-01-04 14:20:07.712root 11241100x80000000000000004280999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbfd90c55314a532022-01-04 14:20:07.712root 11241100x80000000000000004281000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e044f1753a64222022-01-04 14:20:07.712root 11241100x80000000000000004281001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bebb65fd6a527f2022-01-04 14:20:07.712root 11241100x80000000000000004281002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb1f9de4eb022832022-01-04 14:20:07.712root 11241100x80000000000000004281003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba2b91b53099cf92022-01-04 14:20:07.712root 11241100x80000000000000004281004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0035bdcb7f425a192022-01-04 14:20:07.712root 11241100x80000000000000004281005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:07.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874aac389baa9a6d2022-01-04 14:20:07.712root 11241100x80000000000000004281006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10effd57c737d1162022-01-04 14:20:08.210root 11241100x80000000000000004281007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce45188dff900402022-01-04 14:20:08.210root 11241100x80000000000000004281008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2df0079896217522022-01-04 14:20:08.210root 11241100x80000000000000004281009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ebc812e12a74a22022-01-04 14:20:08.210root 11241100x80000000000000004281010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7acfc69ed00e6b2022-01-04 14:20:08.210root 11241100x80000000000000004281011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0502f53ece0d3c902022-01-04 14:20:08.210root 11241100x80000000000000004281012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813d6e030e08378d2022-01-04 14:20:08.210root 11241100x80000000000000004281013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b6077e7dc54c802022-01-04 14:20:08.210root 11241100x80000000000000004281014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d34f69daf0452e62022-01-04 14:20:08.210root 11241100x80000000000000004281015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be35059edaf01282022-01-04 14:20:08.210root 11241100x80000000000000004281016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e85135da9e6dbf2022-01-04 14:20:08.210root 11241100x80000000000000004281017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574e9b05d714f3c42022-01-04 14:20:08.210root 11241100x80000000000000004281018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b49eae347bc90f2022-01-04 14:20:08.210root 11241100x80000000000000004281019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb7bb3e0b3037812022-01-04 14:20:08.210root 11241100x80000000000000004281020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c0cbbc4c45fd9d2022-01-04 14:20:08.211root 11241100x80000000000000004281021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6f741bdbced7ab2022-01-04 14:20:08.211root 11241100x80000000000000004281022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cd35bec7d84e892022-01-04 14:20:08.211root 11241100x80000000000000004281023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4022666c6d0bcb2022-01-04 14:20:08.709root 11241100x80000000000000004281024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c772a140edb5264a2022-01-04 14:20:08.709root 11241100x80000000000000004281025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a59a2fbbc743fb2022-01-04 14:20:08.710root 11241100x80000000000000004281026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec14e3503b11209c2022-01-04 14:20:08.710root 11241100x80000000000000004281027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b51e1ffb359bcb2022-01-04 14:20:08.710root 11241100x80000000000000004281028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5268938a1ac3a992022-01-04 14:20:08.710root 11241100x80000000000000004281029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3bbc51d287c06f2022-01-04 14:20:08.710root 11241100x80000000000000004281030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce08a22223f72a472022-01-04 14:20:08.710root 11241100x80000000000000004281031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc75aba029148fe02022-01-04 14:20:08.710root 11241100x80000000000000004281032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99475fa76f27fbac2022-01-04 14:20:08.710root 11241100x80000000000000004281033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f952642736d3be252022-01-04 14:20:08.710root 11241100x80000000000000004281034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dae666ef430cdb2022-01-04 14:20:08.710root 11241100x80000000000000004281035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35dffe1dfcfe06e2022-01-04 14:20:08.710root 11241100x80000000000000004281036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837c40b8fa021e3b2022-01-04 14:20:08.710root 11241100x80000000000000004281037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed653f57b75cae72022-01-04 14:20:08.710root 11241100x80000000000000004281038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b52b0243e4755c2022-01-04 14:20:08.711root 11241100x80000000000000004281039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeed266acfec91242022-01-04 14:20:08.711root 11241100x80000000000000004281040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ecacc10962db092022-01-04 14:20:09.209root 11241100x80000000000000004281041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc29ab8efbe933582022-01-04 14:20:09.209root 11241100x80000000000000004281042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf59dc40663528ec2022-01-04 14:20:09.209root 11241100x80000000000000004281043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257c3c0dc54f4b4f2022-01-04 14:20:09.210root 11241100x80000000000000004281044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9897dfa97855132022-01-04 14:20:09.210root 11241100x80000000000000004281045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c4724344a4d4ca2022-01-04 14:20:09.210root 11241100x80000000000000004281046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afdf1ff2496124c2022-01-04 14:20:09.210root 11241100x80000000000000004281047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f58aa308b3bcea2022-01-04 14:20:09.210root 11241100x80000000000000004281048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9c7d6f12f073362022-01-04 14:20:09.210root 11241100x80000000000000004281049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594aa481329d01852022-01-04 14:20:09.210root 11241100x80000000000000004281050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc184014fcd1b1d2022-01-04 14:20:09.210root 11241100x80000000000000004281051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839699e35885bf1a2022-01-04 14:20:09.210root 11241100x80000000000000004281052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9914e849a5fd8422022-01-04 14:20:09.210root 11241100x80000000000000004281053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fea1b18606b4fa2022-01-04 14:20:09.210root 11241100x80000000000000004281054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7faa56b2308db252022-01-04 14:20:09.210root 11241100x80000000000000004281055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c057ebf1bd208e872022-01-04 14:20:09.210root 11241100x80000000000000004281056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8659ff67b2d20be02022-01-04 14:20:09.211root 11241100x80000000000000004281057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3a06e9920639c02022-01-04 14:20:09.710root 11241100x80000000000000004281058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c761e713be69142022-01-04 14:20:09.710root 11241100x80000000000000004281059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ba0511fee3d4a82022-01-04 14:20:09.710root 11241100x80000000000000004281060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7df8789fb6d55552022-01-04 14:20:09.710root 11241100x80000000000000004281061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fec3d028fc31d72022-01-04 14:20:09.710root 11241100x80000000000000004281062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0defdb101b622a72022-01-04 14:20:09.710root 11241100x80000000000000004281063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fc8bcfc99050fe2022-01-04 14:20:09.710root 11241100x80000000000000004281064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e01e4d4b8fcfa2022-01-04 14:20:09.711root 11241100x80000000000000004281065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f44bda77ea2bea2022-01-04 14:20:09.711root 11241100x80000000000000004281066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47533f95100362d82022-01-04 14:20:09.711root 11241100x80000000000000004281067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075dea1dfa3418eb2022-01-04 14:20:09.711root 11241100x80000000000000004281068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0327ccc409df89372022-01-04 14:20:09.711root 11241100x80000000000000004281069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6057010475109a8e2022-01-04 14:20:09.711root 11241100x80000000000000004281070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc351a47b85be08d2022-01-04 14:20:09.711root 11241100x80000000000000004281071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61e2ea75a7f989b2022-01-04 14:20:09.712root 11241100x80000000000000004281072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd3f004bd051e1c2022-01-04 14:20:09.712root 11241100x80000000000000004281073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:09.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93728dd857ce55a92022-01-04 14:20:09.712root 354300x80000000000000004281074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.122{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41544-false10.0.1.12-8000- 11241100x80000000000000004281075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f1dae105e165a22022-01-04 14:20:10.123root 11241100x80000000000000004281076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf474877ddc138592022-01-04 14:20:10.123root 11241100x80000000000000004281077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6280cac9f180489b2022-01-04 14:20:10.123root 11241100x80000000000000004281078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a408785351ceefc2022-01-04 14:20:10.123root 11241100x80000000000000004281079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effd1cd5457b50462022-01-04 14:20:10.123root 11241100x80000000000000004281080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb4ec3fbe435d72022-01-04 14:20:10.123root 11241100x80000000000000004281081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c472f4119dd5c442022-01-04 14:20:10.123root 11241100x80000000000000004281082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1662fbfc2b1c6a702022-01-04 14:20:10.123root 11241100x80000000000000004281083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec91ecdcaa94cd812022-01-04 14:20:10.123root 11241100x80000000000000004281084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a90d253caf6132022-01-04 14:20:10.123root 11241100x80000000000000004281085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.123{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cf15be73bced0f2022-01-04 14:20:10.123root 11241100x80000000000000004281086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1e5e4de1e0b4f02022-01-04 14:20:10.124root 11241100x80000000000000004281087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4f5d08ad50612d2022-01-04 14:20:10.124root 11241100x80000000000000004281088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bd65b6e6bb8dc42022-01-04 14:20:10.124root 11241100x80000000000000004281089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859abc048bd139d42022-01-04 14:20:10.124root 11241100x80000000000000004281090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1874d7bc9945da8a2022-01-04 14:20:10.124root 11241100x80000000000000004281091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb08791825e799a2022-01-04 14:20:10.124root 11241100x80000000000000004281092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b76682c09c5a70d2022-01-04 14:20:10.124root 11241100x80000000000000004281093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165e8a07026c58f02022-01-04 14:20:10.124root 11241100x80000000000000004281094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2ebcfb9a502e972022-01-04 14:20:10.124root 11241100x80000000000000004281095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.124{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f83e66844bce4a2022-01-04 14:20:10.124root 11241100x80000000000000004281096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75266289b2522242022-01-04 14:20:10.459root 11241100x80000000000000004281097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c94220e12e39b3e2022-01-04 14:20:10.459root 11241100x80000000000000004281098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3014da4ef0acfe72022-01-04 14:20:10.459root 11241100x80000000000000004281099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc7657afff9753a2022-01-04 14:20:10.459root 11241100x80000000000000004281100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f21ccbb0f62b942022-01-04 14:20:10.459root 11241100x80000000000000004281101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785a8964fc765a192022-01-04 14:20:10.459root 11241100x80000000000000004281102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532fba5ac5e3c1652022-01-04 14:20:10.459root 11241100x80000000000000004281103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc0f44098a25dbe2022-01-04 14:20:10.460root 11241100x80000000000000004281104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8133d6113ce9d142022-01-04 14:20:10.460root 11241100x80000000000000004281105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c35b2f19de75f72022-01-04 14:20:10.460root 11241100x80000000000000004281106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acc289d165c681b2022-01-04 14:20:10.460root 11241100x80000000000000004281107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a59e6ea618dbeb62022-01-04 14:20:10.460root 11241100x80000000000000004281108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f3b3028b4c50b82022-01-04 14:20:10.460root 11241100x80000000000000004281109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b18946ef5125422022-01-04 14:20:10.460root 11241100x80000000000000004281110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ffc6006df33d3a2022-01-04 14:20:10.460root 11241100x80000000000000004281111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391060107faa98592022-01-04 14:20:10.460root 11241100x80000000000000004281112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c3e571e5ece2482022-01-04 14:20:10.460root 11241100x80000000000000004281113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cb926ddfadc1e42022-01-04 14:20:10.460root 11241100x80000000000000004281114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5f311deddc96062022-01-04 14:20:10.959root 11241100x80000000000000004281115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed668dbf569dea6f2022-01-04 14:20:10.960root 11241100x80000000000000004281116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f131a2e5ac2f9cef2022-01-04 14:20:10.960root 11241100x80000000000000004281117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3ff81367a28b272022-01-04 14:20:10.960root 11241100x80000000000000004281118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb14f10fdf4c9a0c2022-01-04 14:20:10.960root 11241100x80000000000000004281119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b74201ebb77970a2022-01-04 14:20:10.960root 11241100x80000000000000004281120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9fe1944eae24502022-01-04 14:20:10.960root 11241100x80000000000000004281121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b78440f21deab62022-01-04 14:20:10.960root 11241100x80000000000000004281122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15400337221f4632022-01-04 14:20:10.960root 11241100x80000000000000004281123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8a8272a9a6903a2022-01-04 14:20:10.961root 11241100x80000000000000004281124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9a8b9aafeca3be2022-01-04 14:20:10.961root 11241100x80000000000000004281125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c26d105987e21c2022-01-04 14:20:10.961root 11241100x80000000000000004281126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee6776c5bb05fd02022-01-04 14:20:10.961root 11241100x80000000000000004281127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38735a3554973feb2022-01-04 14:20:10.961root 11241100x80000000000000004281128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bf73163f9af1e22022-01-04 14:20:10.961root 11241100x80000000000000004281129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfac2dd1bc029d72022-01-04 14:20:10.961root 11241100x80000000000000004281130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa6bbaec0a565022022-01-04 14:20:10.961root 11241100x80000000000000004281131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c21c2e7d1208ce12022-01-04 14:20:10.962root 11241100x80000000000000004281132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2fe5302f6a759d2022-01-04 14:20:11.460root 11241100x80000000000000004281133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd8a3ebab4b41702022-01-04 14:20:11.460root 11241100x80000000000000004281134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad6833c0668a3c2022-01-04 14:20:11.460root 11241100x80000000000000004281135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610b022dbe93d8e52022-01-04 14:20:11.460root 11241100x80000000000000004281136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca215bec6941de962022-01-04 14:20:11.460root 11241100x80000000000000004281137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6821c241c832e95d2022-01-04 14:20:11.460root 11241100x80000000000000004281138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8888d8df2720cfd12022-01-04 14:20:11.460root 11241100x80000000000000004281139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80449242b1093c1c2022-01-04 14:20:11.460root 11241100x80000000000000004281140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c05f6f6419ea22022-01-04 14:20:11.460root 11241100x80000000000000004281141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0887660daa38a2022-01-04 14:20:11.460root 11241100x80000000000000004281142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5851d92699a20c5b2022-01-04 14:20:11.460root 11241100x80000000000000004281143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7f8328ca6ddd592022-01-04 14:20:11.461root 11241100x80000000000000004281144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8de06e43fe3e0912022-01-04 14:20:11.461root 11241100x80000000000000004281145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadc45bf4b0755c32022-01-04 14:20:11.461root 11241100x80000000000000004281146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f4133c325835b12022-01-04 14:20:11.461root 11241100x80000000000000004281147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f867f2f27d79a42022-01-04 14:20:11.461root 11241100x80000000000000004281148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b165a87b41f3fa2022-01-04 14:20:11.461root 11241100x80000000000000004281149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3005dd6e7455e02022-01-04 14:20:11.461root 11241100x80000000000000004281150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a145c5630a1b1d2022-01-04 14:20:11.959root 11241100x80000000000000004281151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65430385c35441a22022-01-04 14:20:11.959root 11241100x80000000000000004281152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a623d98285f474d22022-01-04 14:20:11.959root 11241100x80000000000000004281153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea7bcf309e33af42022-01-04 14:20:11.959root 11241100x80000000000000004281154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5896afce7a9c4c2022-01-04 14:20:11.960root 11241100x80000000000000004281155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d69baeaeeb565412022-01-04 14:20:11.960root 11241100x80000000000000004281156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6b4104aa8455f72022-01-04 14:20:11.960root 11241100x80000000000000004281157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b014fe5b741066ce2022-01-04 14:20:11.960root 11241100x80000000000000004281158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a229ec6d2ba93f102022-01-04 14:20:11.960root 11241100x80000000000000004281159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd49b6d9ffe2ead2022-01-04 14:20:11.960root 11241100x80000000000000004281160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306f58c155279c32022-01-04 14:20:11.960root 11241100x80000000000000004281161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f977d700d52a042022-01-04 14:20:11.960root 11241100x80000000000000004281162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ddefa1da243ca32022-01-04 14:20:11.961root 11241100x80000000000000004281163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eccec8346c1837d2022-01-04 14:20:11.961root 11241100x80000000000000004281164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72754e70377585152022-01-04 14:20:11.961root 11241100x80000000000000004281165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcc35bc99dceab02022-01-04 14:20:11.961root 11241100x80000000000000004281166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b4371b78d7385e2022-01-04 14:20:11.961root 11241100x80000000000000004281167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:11.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04600f8a646d44f2022-01-04 14:20:11.961root 11241100x80000000000000004281168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140efc9352531bea2022-01-04 14:20:12.460root 11241100x80000000000000004281169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c08e6ef2f3bb162022-01-04 14:20:12.460root 11241100x80000000000000004281170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e986935511d0847a2022-01-04 14:20:12.460root 11241100x80000000000000004281171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8d807aeb5956b02022-01-04 14:20:12.460root 11241100x80000000000000004281172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb93a66d622b9402022-01-04 14:20:12.460root 11241100x80000000000000004281173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751009ba00ddab362022-01-04 14:20:12.461root 11241100x80000000000000004281174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa5116f742a09132022-01-04 14:20:12.461root 11241100x80000000000000004281175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a12ac6983b44b82022-01-04 14:20:12.461root 11241100x80000000000000004281176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c80bfed77b2e8fb2022-01-04 14:20:12.462root 11241100x80000000000000004281177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7af8026b44b0f42022-01-04 14:20:12.462root 11241100x80000000000000004281178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c94f7f1d5a81a8c2022-01-04 14:20:12.462root 11241100x80000000000000004281179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21edb8bb5069f4632022-01-04 14:20:12.462root 11241100x80000000000000004281180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5e20e6334065fa2022-01-04 14:20:12.462root 11241100x80000000000000004281181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5371e311a7dbe3342022-01-04 14:20:12.463root 11241100x80000000000000004281182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1327e51eec94162022-01-04 14:20:12.463root 11241100x80000000000000004281183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa9fc8d868eec362022-01-04 14:20:12.463root 11241100x80000000000000004281184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b15f707b891cbd32022-01-04 14:20:12.463root 11241100x80000000000000004281185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c2f00bed6693b42022-01-04 14:20:12.463root 11241100x80000000000000004281186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab69f160df73a7a2022-01-04 14:20:12.960root 11241100x80000000000000004281187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c175104f8e77e22022-01-04 14:20:12.960root 11241100x80000000000000004281188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4565d83ca8e0aea52022-01-04 14:20:12.960root 11241100x80000000000000004281189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299ec00d6e3ec2082022-01-04 14:20:12.960root 11241100x80000000000000004281190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191cda580a15a83a2022-01-04 14:20:12.960root 11241100x80000000000000004281191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853c249327f3cbb72022-01-04 14:20:12.960root 11241100x80000000000000004281192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae14fc64e5f1ac702022-01-04 14:20:12.960root 11241100x80000000000000004281193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2591b23cd970c22022-01-04 14:20:12.960root 11241100x80000000000000004281194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6cc5afd87d8a682022-01-04 14:20:12.961root 11241100x80000000000000004281195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ebf8e82a190f792022-01-04 14:20:12.961root 11241100x80000000000000004281196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1254f93b92979e42022-01-04 14:20:12.961root 11241100x80000000000000004281197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdcdc0ddd242ef42022-01-04 14:20:12.961root 11241100x80000000000000004281198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02f9d197659e8a62022-01-04 14:20:12.961root 11241100x80000000000000004281199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeb2682acea6c022022-01-04 14:20:12.961root 11241100x80000000000000004281200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9b6727befdd4412022-01-04 14:20:12.961root 11241100x80000000000000004281201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536f4ef73d41a8712022-01-04 14:20:12.961root 11241100x80000000000000004281202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a47b6d9937dd2be2022-01-04 14:20:12.961root 11241100x80000000000000004281203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:12.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5d0734a7f194e42022-01-04 14:20:12.961root 11241100x80000000000000004281204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ceed1b3cd5d7332022-01-04 14:20:13.459root 11241100x80000000000000004281205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfa45b22a7c37aa2022-01-04 14:20:13.459root 11241100x80000000000000004281206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c150d6a0be44185d2022-01-04 14:20:13.459root 11241100x80000000000000004281207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812b10befc41495c2022-01-04 14:20:13.459root 11241100x80000000000000004281208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e6c3a7ded5c81d2022-01-04 14:20:13.459root 11241100x80000000000000004281209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9cbc4108394af42022-01-04 14:20:13.460root 11241100x80000000000000004281210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83ef56083729f1b2022-01-04 14:20:13.460root 11241100x80000000000000004281211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef5f607fb62b33c2022-01-04 14:20:13.460root 11241100x80000000000000004281212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbb7908414e0e622022-01-04 14:20:13.460root 11241100x80000000000000004281213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96136c9e35b2a2fd2022-01-04 14:20:13.460root 11241100x80000000000000004281214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ec4b50d95c076d2022-01-04 14:20:13.460root 11241100x80000000000000004281215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a059947cfc98c1f42022-01-04 14:20:13.460root 11241100x80000000000000004281216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3ef7a4856dbe842022-01-04 14:20:13.460root 11241100x80000000000000004281217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87688c2add5a6d82022-01-04 14:20:13.460root 11241100x80000000000000004281218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24527e17dbd1ddf92022-01-04 14:20:13.460root 11241100x80000000000000004281219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e1e14502de83f12022-01-04 14:20:13.461root 11241100x80000000000000004281220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a834ffff8581d562022-01-04 14:20:13.461root 11241100x80000000000000004281221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a9fbc2328fdaec2022-01-04 14:20:13.461root 11241100x80000000000000004281222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eb31a47f0b185a2022-01-04 14:20:13.960root 11241100x80000000000000004281223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6a7d8430de3c372022-01-04 14:20:13.960root 11241100x80000000000000004281224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1419844188879d2022-01-04 14:20:13.960root 11241100x80000000000000004281225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7b06b3fc5a611a2022-01-04 14:20:13.960root 11241100x80000000000000004281226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dc835a679d73852022-01-04 14:20:13.960root 11241100x80000000000000004281227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47ef783835e94552022-01-04 14:20:13.960root 11241100x80000000000000004281228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bd54b79a14518f2022-01-04 14:20:13.960root 11241100x80000000000000004281229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66ed9a9f86ae6d72022-01-04 14:20:13.960root 11241100x80000000000000004281230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03d663dec6640422022-01-04 14:20:13.961root 11241100x80000000000000004281231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d121664869bb202022-01-04 14:20:13.961root 11241100x80000000000000004281232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f98ec56e0901ce2022-01-04 14:20:13.961root 11241100x80000000000000004281233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49f33811e8cbc3d2022-01-04 14:20:13.961root 11241100x80000000000000004281234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d969ace94a6941772022-01-04 14:20:13.961root 11241100x80000000000000004281235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520b7c3c98912c922022-01-04 14:20:13.961root 11241100x80000000000000004281236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2fb3ce6829d362022-01-04 14:20:13.961root 11241100x80000000000000004281237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f63da3bbaa2adc2022-01-04 14:20:13.961root 11241100x80000000000000004281238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c722bbe20188ceac2022-01-04 14:20:13.962root 11241100x80000000000000004281239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:13.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4146fad9c51a34892022-01-04 14:20:13.962root 11241100x80000000000000004281240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d311cf6ef9362d2022-01-04 14:20:14.460root 11241100x80000000000000004281241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7660e6b9f8e6272022-01-04 14:20:14.460root 11241100x80000000000000004281242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dc2f30ede92a122022-01-04 14:20:14.460root 11241100x80000000000000004281243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0decbb554f96b12022-01-04 14:20:14.460root 11241100x80000000000000004281244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eefbf8feff275c32022-01-04 14:20:14.460root 11241100x80000000000000004281245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1eab6fd8dcf5362022-01-04 14:20:14.460root 11241100x80000000000000004281246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6307537d256c76b62022-01-04 14:20:14.460root 11241100x80000000000000004281247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec32aa5f75c145f42022-01-04 14:20:14.460root 11241100x80000000000000004281248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2524895548d98bf2022-01-04 14:20:14.460root 11241100x80000000000000004281249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371a797cf3af3e832022-01-04 14:20:14.460root 11241100x80000000000000004281250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5180d21f755652022-01-04 14:20:14.461root 11241100x80000000000000004281251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946b55f3293a23092022-01-04 14:20:14.461root 11241100x80000000000000004281252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe8687c859f212c2022-01-04 14:20:14.461root 11241100x80000000000000004281253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c3a12f9142f38e2022-01-04 14:20:14.461root 11241100x80000000000000004281254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b831ebce6dcf8a02022-01-04 14:20:14.461root 11241100x80000000000000004281255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bdb24277093c142022-01-04 14:20:14.461root 11241100x80000000000000004281256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ab830ca2e646bb2022-01-04 14:20:14.461root 11241100x80000000000000004281257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e60ebc2e8a0ee512022-01-04 14:20:14.461root 11241100x80000000000000004281258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f16d6f1b9604002022-01-04 14:20:14.960root 11241100x80000000000000004281259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c36faeb334a3af2022-01-04 14:20:14.960root 11241100x80000000000000004281260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb21da9fb0857a112022-01-04 14:20:14.960root 11241100x80000000000000004281261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2146a451b08d10a52022-01-04 14:20:14.960root 11241100x80000000000000004281262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd1c2d0c58421082022-01-04 14:20:14.960root 11241100x80000000000000004281263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fbc7fa270ab8e02022-01-04 14:20:14.960root 11241100x80000000000000004281264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739285cf439d437b2022-01-04 14:20:14.960root 11241100x80000000000000004281265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1297b71fe3c2da12022-01-04 14:20:14.960root 11241100x80000000000000004281266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06050c449a081b572022-01-04 14:20:14.960root 11241100x80000000000000004281267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bf4c9028f8d7902022-01-04 14:20:14.960root 11241100x80000000000000004281268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68b748134a0f0602022-01-04 14:20:14.961root 11241100x80000000000000004281269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af07dc01a818206e2022-01-04 14:20:14.961root 11241100x80000000000000004281270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddfdf431f1ac7842022-01-04 14:20:14.961root 11241100x80000000000000004281271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9985157521df97fb2022-01-04 14:20:14.961root 11241100x80000000000000004281272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c30386c8d23b422022-01-04 14:20:14.961root 11241100x80000000000000004281273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaa292baa1cc3112022-01-04 14:20:14.961root 11241100x80000000000000004281274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88024ffcf7b33a7e2022-01-04 14:20:14.961root 11241100x80000000000000004281275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36886f561cc8e1e62022-01-04 14:20:14.961root 354300x80000000000000004281276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.229{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41546-false10.0.1.12-8000- 11241100x80000000000000004281277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.230{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c4db76062045a42022-01-04 14:20:15.230root 11241100x80000000000000004281278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51049a76ed9f63742022-01-04 14:20:15.231root 11241100x80000000000000004281279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0804847b33b486802022-01-04 14:20:15.231root 11241100x80000000000000004281280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f383c16627f6092022-01-04 14:20:15.231root 11241100x80000000000000004281281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea164212f5474a5a2022-01-04 14:20:15.231root 11241100x80000000000000004281282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e251b55bfe2a162022-01-04 14:20:15.231root 11241100x80000000000000004281283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6114c7a1115d41662022-01-04 14:20:15.231root 11241100x80000000000000004281284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0092619d5e0cf5c22022-01-04 14:20:15.231root 11241100x80000000000000004281285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a413c52028594c02022-01-04 14:20:15.232root 11241100x80000000000000004281286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c052dec2027fb0ef2022-01-04 14:20:15.232root 11241100x80000000000000004281287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7df1fefa163a0d2022-01-04 14:20:15.232root 11241100x80000000000000004281288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f957feb2087bf6922022-01-04 14:20:15.232root 11241100x80000000000000004281289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397a85020c5437322022-01-04 14:20:15.232root 11241100x80000000000000004281290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b74f6c5e7365ab2022-01-04 14:20:15.232root 11241100x80000000000000004281291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25625e14c04a93e2022-01-04 14:20:15.232root 11241100x80000000000000004281292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e4c78f07e99012022-01-04 14:20:15.232root 11241100x80000000000000004281293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720d7f8c8aac59082022-01-04 14:20:15.232root 11241100x80000000000000004281294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11e8c2dd5cf84fb2022-01-04 14:20:15.232root 11241100x80000000000000004281295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9245194d3b48762022-01-04 14:20:15.232root 11241100x80000000000000004281296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e61f6921cecbf5c2022-01-04 14:20:15.709root 11241100x80000000000000004281297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9813b3b8999559762022-01-04 14:20:15.710root 11241100x80000000000000004281298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959cc179465378bf2022-01-04 14:20:15.710root 11241100x80000000000000004281299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bddb15f6fbb07a2022-01-04 14:20:15.711root 11241100x80000000000000004281300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888ad09fc34757d2022-01-04 14:20:15.711root 11241100x80000000000000004281301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b772c20e8d4d2372022-01-04 14:20:15.711root 11241100x80000000000000004281302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad71f2d971f10252022-01-04 14:20:15.711root 11241100x80000000000000004281303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12efae999528824b2022-01-04 14:20:15.711root 11241100x80000000000000004281304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d1d99ebfebb3dd2022-01-04 14:20:15.711root 11241100x80000000000000004281305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea264dca87e7a7e2022-01-04 14:20:15.711root 11241100x80000000000000004281306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876aa5cb5af391762022-01-04 14:20:15.711root 11241100x80000000000000004281307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38b1978e3face852022-01-04 14:20:15.711root 11241100x80000000000000004281308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deab6da54e1133b2022-01-04 14:20:15.712root 11241100x80000000000000004281309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2d44014524afb22022-01-04 14:20:15.712root 11241100x80000000000000004281310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1530ba96a337b94c2022-01-04 14:20:15.712root 11241100x80000000000000004281311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cac89b420ee65962022-01-04 14:20:15.712root 11241100x80000000000000004281312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b6b80dcba09bb72022-01-04 14:20:15.712root 11241100x80000000000000004281313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7662f1e297e3e62022-01-04 14:20:15.713root 11241100x80000000000000004281314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:15.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840f4fd7f9375292022-01-04 14:20:15.713root 11241100x80000000000000004281315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a368d54577f3f1c12022-01-04 14:20:16.210root 11241100x80000000000000004281316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c65de6eb549aa452022-01-04 14:20:16.210root 11241100x80000000000000004281317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1649089fd0d0a97a2022-01-04 14:20:16.210root 11241100x80000000000000004281318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9519e32d4cffad0e2022-01-04 14:20:16.210root 11241100x80000000000000004281319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaf4e9007f5da882022-01-04 14:20:16.210root 11241100x80000000000000004281320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aced5f974bd31362022-01-04 14:20:16.210root 11241100x80000000000000004281321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bcc5da2e4f68652022-01-04 14:20:16.210root 11241100x80000000000000004281322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d171f05ef9cab22022-01-04 14:20:16.210root 11241100x80000000000000004281323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05926851ffd66a772022-01-04 14:20:16.210root 11241100x80000000000000004281324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d9a3a7a46f3fa62022-01-04 14:20:16.210root 11241100x80000000000000004281325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a446c21ae01feeff2022-01-04 14:20:16.210root 11241100x80000000000000004281326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd881c12775d5412022-01-04 14:20:16.210root 11241100x80000000000000004281327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6df1de3c6652e22022-01-04 14:20:16.210root 11241100x80000000000000004281328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a826bf519af617222022-01-04 14:20:16.210root 11241100x80000000000000004281329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892da538fbe001a72022-01-04 14:20:16.211root 11241100x80000000000000004281330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8e2f4479983aed2022-01-04 14:20:16.211root 11241100x80000000000000004281331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c6b2e5f74959f22022-01-04 14:20:16.211root 11241100x80000000000000004281332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc626c15d59728f2022-01-04 14:20:16.211root 11241100x80000000000000004281333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d173e3b20d89d39c2022-01-04 14:20:16.211root 11241100x80000000000000004281334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c3386155fbeb0b2022-01-04 14:20:16.710root 11241100x80000000000000004281335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce639d48e925de882022-01-04 14:20:16.710root 11241100x80000000000000004281336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5e0f6b76fddf6b2022-01-04 14:20:16.710root 11241100x80000000000000004281337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c594bc7b69774b2022-01-04 14:20:16.710root 11241100x80000000000000004281338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2696bd9600dfc19e2022-01-04 14:20:16.710root 11241100x80000000000000004281339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555e6fd1e2eb3dbe2022-01-04 14:20:16.710root 11241100x80000000000000004281340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32d2f71984e95eb2022-01-04 14:20:16.710root 11241100x80000000000000004281341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe31a23cd8b6cee2022-01-04 14:20:16.710root 11241100x80000000000000004281342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53b49b3369f647e2022-01-04 14:20:16.710root 11241100x80000000000000004281343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd85f48076fbb77e2022-01-04 14:20:16.710root 11241100x80000000000000004281344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d024791235fe0c8e2022-01-04 14:20:16.710root 11241100x80000000000000004281345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dd5dd4acf9c6dd2022-01-04 14:20:16.711root 11241100x80000000000000004281346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2809f50fa4739a932022-01-04 14:20:16.711root 11241100x80000000000000004281347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52620f46f35907aa2022-01-04 14:20:16.711root 11241100x80000000000000004281348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6124da73eac5cc92022-01-04 14:20:16.711root 11241100x80000000000000004281349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7219e837e026b852022-01-04 14:20:16.711root 11241100x80000000000000004281350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a80a2be1df5c7a2022-01-04 14:20:16.711root 11241100x80000000000000004281351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f19027ba09490bf2022-01-04 14:20:16.711root 11241100x80000000000000004281352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a22169bdadad1242022-01-04 14:20:16.711root 11241100x80000000000000004281353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7026a4be2d39232022-01-04 14:20:17.209root 11241100x80000000000000004281354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b1b62e5cd3a27f2022-01-04 14:20:17.209root 11241100x80000000000000004281355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513b5a51f64a2dfe2022-01-04 14:20:17.209root 11241100x80000000000000004281356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06070446a97b6a642022-01-04 14:20:17.209root 11241100x80000000000000004281357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3342ec2be89c27bf2022-01-04 14:20:17.209root 11241100x80000000000000004281358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30aece5a356fc722022-01-04 14:20:17.209root 11241100x80000000000000004281359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83d0dafce3030a52022-01-04 14:20:17.210root 11241100x80000000000000004281360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40ea771239f4e552022-01-04 14:20:17.210root 11241100x80000000000000004281361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9ab8373f89b4b72022-01-04 14:20:17.210root 11241100x80000000000000004281362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4749123b68e715752022-01-04 14:20:17.210root 11241100x80000000000000004281363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67ff105f5f6ca062022-01-04 14:20:17.210root 11241100x80000000000000004281364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ef47b9a7b0b1242022-01-04 14:20:17.210root 11241100x80000000000000004281365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10373dc962168eb22022-01-04 14:20:17.210root 11241100x80000000000000004281366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955af6d45997df242022-01-04 14:20:17.210root 11241100x80000000000000004281367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f4791c7478dfc02022-01-04 14:20:17.210root 11241100x80000000000000004281368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a051b2fa801587b2022-01-04 14:20:17.210root 11241100x80000000000000004281369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c470a6481c96b32022-01-04 14:20:17.210root 11241100x80000000000000004281370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e54b94e5700cd0c2022-01-04 14:20:17.211root 11241100x80000000000000004281371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08a82b2051fc1f12022-01-04 14:20:17.211root 11241100x80000000000000004281372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9cfed213d9dd9e2022-01-04 14:20:17.710root 11241100x80000000000000004281373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e6b7c5a4d680862022-01-04 14:20:17.710root 11241100x80000000000000004281374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a103cc16ac8c842022-01-04 14:20:17.710root 11241100x80000000000000004281375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf5366ba4796ab92022-01-04 14:20:17.710root 11241100x80000000000000004281376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8601aa7af7b6f72022-01-04 14:20:17.710root 11241100x80000000000000004281377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58b638c931a2aa72022-01-04 14:20:17.710root 11241100x80000000000000004281378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb68a0ede892a5d72022-01-04 14:20:17.710root 11241100x80000000000000004281379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9be84eb8b685f992022-01-04 14:20:17.711root 11241100x80000000000000004281380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2e126b9d5f2a6d2022-01-04 14:20:17.711root 11241100x80000000000000004281381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82d62c583a600242022-01-04 14:20:17.711root 11241100x80000000000000004281382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f507466737b7f952022-01-04 14:20:17.711root 11241100x80000000000000004281383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f187fda47bf76e2022-01-04 14:20:17.711root 11241100x80000000000000004281384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5668fdfbb9995c2022-01-04 14:20:17.711root 11241100x80000000000000004281385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc359854bdaacdf12022-01-04 14:20:17.711root 11241100x80000000000000004281386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1512075ef3d9eaad2022-01-04 14:20:17.711root 11241100x80000000000000004281387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1993e21f5881e2e2022-01-04 14:20:17.711root 11241100x80000000000000004281388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e77664cd76bda7d2022-01-04 14:20:17.711root 11241100x80000000000000004281389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac15bea9ebc0d8ea2022-01-04 14:20:17.711root 11241100x80000000000000004281390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:17.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617f139433a6a4082022-01-04 14:20:17.711root 11241100x80000000000000004281391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d585b1f008a4ef2022-01-04 14:20:18.210root 11241100x80000000000000004281392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bb9d8a593f262f2022-01-04 14:20:18.210root 11241100x80000000000000004281393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddba5a67af972fe2022-01-04 14:20:18.210root 11241100x80000000000000004281394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d756fcf4a33406902022-01-04 14:20:18.210root 11241100x80000000000000004281395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dcf9f1eff6077c2022-01-04 14:20:18.210root 11241100x80000000000000004281396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f28da0ebac71f0e2022-01-04 14:20:18.210root 11241100x80000000000000004281397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3cf31c507aca452022-01-04 14:20:18.210root 11241100x80000000000000004281398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504fcd9fb272e69b2022-01-04 14:20:18.210root 11241100x80000000000000004281399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51a1eb72135520e2022-01-04 14:20:18.210root 11241100x80000000000000004281400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a32f6805223c7d62022-01-04 14:20:18.210root 11241100x80000000000000004281401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce3fbcf09fb853d2022-01-04 14:20:18.210root 11241100x80000000000000004281402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f655d694a0c8a452022-01-04 14:20:18.211root 11241100x80000000000000004281403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3a1045d8a54fcd2022-01-04 14:20:18.211root 11241100x80000000000000004281404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a57de5d1a418dac2022-01-04 14:20:18.211root 11241100x80000000000000004281405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f1afd61600f7bb2022-01-04 14:20:18.211root 11241100x80000000000000004281406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a44093dba9a2c22022-01-04 14:20:18.211root 11241100x80000000000000004281407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402fd614a14e83d82022-01-04 14:20:18.211root 11241100x80000000000000004281408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33d58395d8a9e8b2022-01-04 14:20:18.211root 11241100x80000000000000004281409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cee8407765001f2022-01-04 14:20:18.211root 11241100x80000000000000004281410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a512b457900e7ec2022-01-04 14:20:18.709root 11241100x80000000000000004281411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088db0ab752d359b2022-01-04 14:20:18.710root 11241100x80000000000000004281412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6303816a95679f2022-01-04 14:20:18.710root 11241100x80000000000000004281413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd4935f2e2da2422022-01-04 14:20:18.710root 11241100x80000000000000004281414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15537c07fc2a5262022-01-04 14:20:18.710root 11241100x80000000000000004281415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21018563cc46929d2022-01-04 14:20:18.710root 11241100x80000000000000004281416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a963a884aca2d12022-01-04 14:20:18.710root 11241100x80000000000000004281417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79cdf5af5c47a752022-01-04 14:20:18.710root 11241100x80000000000000004281418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4254dce7ae3ea1c62022-01-04 14:20:18.710root 11241100x80000000000000004281419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeb052708d235562022-01-04 14:20:18.710root 11241100x80000000000000004281420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4832d1d51f354d2022-01-04 14:20:18.711root 11241100x80000000000000004281421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2372e74923d90bd2022-01-04 14:20:18.711root 11241100x80000000000000004281422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0358380e23d4774f2022-01-04 14:20:18.711root 11241100x80000000000000004281423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137e5c15c6b769af2022-01-04 14:20:18.711root 11241100x80000000000000004281424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c04c318ca74642022-01-04 14:20:18.711root 11241100x80000000000000004281425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b46a4bc6a0344642022-01-04 14:20:18.711root 11241100x80000000000000004281426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f982fa6d5d49fe2022-01-04 14:20:18.711root 11241100x80000000000000004281427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9085065ca193a1e2022-01-04 14:20:18.711root 11241100x80000000000000004281428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:18.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1167740526b5520c2022-01-04 14:20:18.711root 11241100x80000000000000004281429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7ed93cc0fc99cc2022-01-04 14:20:19.210root 11241100x80000000000000004281430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681e0f2501022ff22022-01-04 14:20:19.210root 11241100x80000000000000004281431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee809dfdacbf89b2022-01-04 14:20:19.210root 11241100x80000000000000004281432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea3fa9761251e0d2022-01-04 14:20:19.210root 11241100x80000000000000004281433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6b99303b6d859d2022-01-04 14:20:19.210root 11241100x80000000000000004281434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2788b8d274c30c2022-01-04 14:20:19.210root 11241100x80000000000000004281435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef4f1ca6fc4c8c72022-01-04 14:20:19.210root 11241100x80000000000000004281436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e277c5b57c66902022-01-04 14:20:19.210root 11241100x80000000000000004281437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5939604cd94fdc92022-01-04 14:20:19.210root 11241100x80000000000000004281438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a9482c66dbdae2022-01-04 14:20:19.211root 11241100x80000000000000004281439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478e970986400fde2022-01-04 14:20:19.211root 11241100x80000000000000004281440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69aa302de236e12022-01-04 14:20:19.211root 11241100x80000000000000004281441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1520598baf1626e62022-01-04 14:20:19.211root 11241100x80000000000000004281442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897b2b3e1145f3fb2022-01-04 14:20:19.211root 11241100x80000000000000004281443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6748dd5773c3a85d2022-01-04 14:20:19.211root 11241100x80000000000000004281444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97028903dd11d692022-01-04 14:20:19.211root 11241100x80000000000000004281445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5ca7f3a96f84ff2022-01-04 14:20:19.211root 11241100x80000000000000004281446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f425e518c78d9af52022-01-04 14:20:19.211root 11241100x80000000000000004281447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e781b0e22dfdda92022-01-04 14:20:19.211root 11241100x80000000000000004281448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51266bd3e778d53c2022-01-04 14:20:19.709root 11241100x80000000000000004281449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68da6937792016382022-01-04 14:20:19.709root 11241100x80000000000000004281450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47d3b8ee32cd4e02022-01-04 14:20:19.709root 11241100x80000000000000004281451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b1aa1c48b9cb652022-01-04 14:20:19.710root 11241100x80000000000000004281452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae75e28ca92d3f612022-01-04 14:20:19.710root 11241100x80000000000000004281453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc1cc1399c558f52022-01-04 14:20:19.710root 11241100x80000000000000004281454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf1df8469a76f212022-01-04 14:20:19.710root 11241100x80000000000000004281455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e6ab8300558f5a2022-01-04 14:20:19.710root 11241100x80000000000000004281456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdd945f8db445252022-01-04 14:20:19.710root 11241100x80000000000000004281457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b55822a3af4c93a2022-01-04 14:20:19.710root 11241100x80000000000000004281458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb7ec8e5d2444492022-01-04 14:20:19.710root 11241100x80000000000000004281459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33db4943f2d7798c2022-01-04 14:20:19.710root 11241100x80000000000000004281460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea944592f2ee0302022-01-04 14:20:19.710root 11241100x80000000000000004281461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b70cb1e84384ed82022-01-04 14:20:19.710root 11241100x80000000000000004281462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99676c01afb09fa92022-01-04 14:20:19.710root 11241100x80000000000000004281463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4451ad42a40c872022-01-04 14:20:19.710root 11241100x80000000000000004281464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcd033b298de29d2022-01-04 14:20:19.711root 11241100x80000000000000004281465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b7a76e023df70f2022-01-04 14:20:19.711root 11241100x80000000000000004281466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:19.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42b7b38ebaf5d822022-01-04 14:20:19.711root 11241100x80000000000000004281467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f940fbd7401536482022-01-04 14:20:20.210root 11241100x80000000000000004281468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b4e3eabf7242472022-01-04 14:20:20.210root 11241100x80000000000000004281469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e72d82e211dacb2022-01-04 14:20:20.210root 11241100x80000000000000004281470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2922cad21c4a660e2022-01-04 14:20:20.210root 11241100x80000000000000004281471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49401f466bb5844b2022-01-04 14:20:20.210root 11241100x80000000000000004281472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515f19ac38fe4e942022-01-04 14:20:20.210root 11241100x80000000000000004281473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dfa4ea60f786412022-01-04 14:20:20.210root 11241100x80000000000000004281474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31da1717a4e94a482022-01-04 14:20:20.210root 11241100x80000000000000004281475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc654e549c6874e2022-01-04 14:20:20.210root 11241100x80000000000000004281476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bbb29c37ffb5452022-01-04 14:20:20.211root 11241100x80000000000000004281477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf1c21311c2b5c32022-01-04 14:20:20.211root 11241100x80000000000000004281478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c989cf5efa01eae2022-01-04 14:20:20.211root 11241100x80000000000000004281479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3b849be24085082022-01-04 14:20:20.211root 11241100x80000000000000004281480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8239d49ad94c7bf62022-01-04 14:20:20.211root 11241100x80000000000000004281481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05056f840588eef82022-01-04 14:20:20.211root 11241100x80000000000000004281482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89111033b43a49f2022-01-04 14:20:20.211root 11241100x80000000000000004281483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06e5a1f71dd117e2022-01-04 14:20:20.211root 11241100x80000000000000004281484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bcc7289e01aedc2022-01-04 14:20:20.211root 11241100x80000000000000004281485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093f2f0cec081de32022-01-04 14:20:20.211root 11241100x80000000000000004281486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60aa9ffb6b27d722022-01-04 14:20:20.709root 11241100x80000000000000004281487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50ef20e2ca093eb2022-01-04 14:20:20.709root 11241100x80000000000000004281488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0ee32b55b510932022-01-04 14:20:20.709root 11241100x80000000000000004281489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ff4294220d94512022-01-04 14:20:20.709root 11241100x80000000000000004281490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f342739771834f0d2022-01-04 14:20:20.709root 11241100x80000000000000004281491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3840f0e2b876b2102022-01-04 14:20:20.710root 11241100x80000000000000004281492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3572597163974d72022-01-04 14:20:20.710root 11241100x80000000000000004281493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7f77691dbf9ec32022-01-04 14:20:20.710root 11241100x80000000000000004281494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7285efd03dd5f92022-01-04 14:20:20.710root 11241100x80000000000000004281495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04bdad5f23822382022-01-04 14:20:20.710root 11241100x80000000000000004281496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362454490a22781d2022-01-04 14:20:20.710root 11241100x80000000000000004281497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045d9ae3ff172c842022-01-04 14:20:20.710root 11241100x80000000000000004281498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5916fb6ea1f869a32022-01-04 14:20:20.710root 11241100x80000000000000004281499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b03f64191c4571b2022-01-04 14:20:20.710root 11241100x80000000000000004281500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf63a7e78d2056c02022-01-04 14:20:20.711root 11241100x80000000000000004281501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b92cfa01f5f05622022-01-04 14:20:20.711root 11241100x80000000000000004281502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389eaf2ebc6d94432022-01-04 14:20:20.711root 11241100x80000000000000004281503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab408de45f148d972022-01-04 14:20:20.711root 11241100x80000000000000004281504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:20.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1adfdb67825e282022-01-04 14:20:20.711root 354300x80000000000000004281505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.101{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41548-false10.0.1.12-8000- 11241100x80000000000000004281506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16bce2e5970ad982022-01-04 14:20:21.102root 11241100x80000000000000004281507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23061e2653ff53bb2022-01-04 14:20:21.102root 11241100x80000000000000004281508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580bf956a51260f72022-01-04 14:20:21.102root 11241100x80000000000000004281509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b05548d2fde67502022-01-04 14:20:21.102root 11241100x80000000000000004281510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f566a47c59dbf12022-01-04 14:20:21.102root 11241100x80000000000000004281511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fc21fa55b5efc12022-01-04 14:20:21.102root 11241100x80000000000000004281512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284244a94fdd66132022-01-04 14:20:21.102root 11241100x80000000000000004281513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ae76cd69287f122022-01-04 14:20:21.102root 11241100x80000000000000004281514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7173dc56482211a02022-01-04 14:20:21.102root 11241100x80000000000000004281515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a5ad4e785f4b202022-01-04 14:20:21.103root 11241100x80000000000000004281516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b111f0349c5e312022-01-04 14:20:21.103root 11241100x80000000000000004281517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059b3a2d14cc32e32022-01-04 14:20:21.103root 11241100x80000000000000004281518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c183cdb44c0d6a2022-01-04 14:20:21.103root 11241100x80000000000000004281519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15b4279ec856d592022-01-04 14:20:21.103root 11241100x80000000000000004281520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc56f3671053a7482022-01-04 14:20:21.103root 11241100x80000000000000004281521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39a87388a5a74712022-01-04 14:20:21.104root 11241100x80000000000000004281522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e020ae81097054b22022-01-04 14:20:21.104root 11241100x80000000000000004281523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cf7e1edb9ba26d2022-01-04 14:20:21.104root 11241100x80000000000000004281524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dc2d1c759ccce52022-01-04 14:20:21.104root 11241100x80000000000000004281525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43bccd0fffae49d2022-01-04 14:20:21.104root 11241100x80000000000000004281526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22b56d38c8e5d2d2022-01-04 14:20:21.104root 11241100x80000000000000004281527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd869dcfe1e2dc92022-01-04 14:20:21.104root 11241100x80000000000000004281528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83f17204a7790e92022-01-04 14:20:21.104root 11241100x80000000000000004281529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f348544ee127542022-01-04 14:20:21.104root 11241100x80000000000000004281530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6059a22660d29a2022-01-04 14:20:21.105root 11241100x80000000000000004281531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ad452f33bf09d62022-01-04 14:20:21.105root 11241100x80000000000000004281532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f57a5d8d3e738c2022-01-04 14:20:21.105root 11241100x80000000000000004281533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec6a4d07e5227722022-01-04 14:20:21.105root 11241100x80000000000000004281534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c09312823a8ae42022-01-04 14:20:21.105root 11241100x80000000000000004281535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb3116791a81e402022-01-04 14:20:21.105root 11241100x80000000000000004281536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4936100f513c03f2022-01-04 14:20:21.106root 11241100x80000000000000004281537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.106{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c01be3629453a2022-01-04 14:20:21.106root 11241100x80000000000000004281538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9f8bea9f2df5352022-01-04 14:20:21.460root 11241100x80000000000000004281539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacf41ca964962132022-01-04 14:20:21.460root 11241100x80000000000000004281540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dde0f1c09f57c12022-01-04 14:20:21.460root 11241100x80000000000000004281541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1ea65d4fe747a52022-01-04 14:20:21.460root 11241100x80000000000000004281542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4988c9708164fa22022-01-04 14:20:21.460root 11241100x80000000000000004281543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d405405e166a94b82022-01-04 14:20:21.460root 11241100x80000000000000004281544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1ce5b176408cfd2022-01-04 14:20:21.460root 11241100x80000000000000004281545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24393277719f6a82022-01-04 14:20:21.461root 11241100x80000000000000004281546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df7167a4c2b75eb2022-01-04 14:20:21.461root 11241100x80000000000000004281547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb0d8113287aa172022-01-04 14:20:21.461root 11241100x80000000000000004281548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24789ec3e61337762022-01-04 14:20:21.461root 11241100x80000000000000004281549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c61f61d9701a5112022-01-04 14:20:21.461root 11241100x80000000000000004281550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae4ddb4e28d046b2022-01-04 14:20:21.461root 11241100x80000000000000004281551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b150f482f1cf24a2022-01-04 14:20:21.461root 11241100x80000000000000004281552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de196daba8a5571b2022-01-04 14:20:21.461root 11241100x80000000000000004281553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85cade4568254f22022-01-04 14:20:21.461root 11241100x80000000000000004281554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4389377668a2b92022-01-04 14:20:21.461root 11241100x80000000000000004281555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612192093eeaa9082022-01-04 14:20:21.462root 11241100x80000000000000004281556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dfd1ae6b39934c2022-01-04 14:20:21.462root 11241100x80000000000000004281557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331403870879094e2022-01-04 14:20:21.462root 11241100x80000000000000004281558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad7c276afee0b152022-01-04 14:20:21.959root 11241100x80000000000000004281559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490867a5ea60dafc2022-01-04 14:20:21.960root 11241100x80000000000000004281560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980020558ccbf5a2022-01-04 14:20:21.960root 11241100x80000000000000004281561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a705c42d51a2ec62022-01-04 14:20:21.960root 11241100x80000000000000004281562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8c0bfedc5ba0912022-01-04 14:20:21.960root 11241100x80000000000000004281563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a323781e37f31a2022-01-04 14:20:21.960root 11241100x80000000000000004281564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffda700b69c317d92022-01-04 14:20:21.960root 11241100x80000000000000004281565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3876f8ef7c77f79d2022-01-04 14:20:21.960root 11241100x80000000000000004281566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9315e20c020bbe872022-01-04 14:20:21.960root 11241100x80000000000000004281567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205b53b348782d4e2022-01-04 14:20:21.960root 11241100x80000000000000004281568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2ed1206ffa18302022-01-04 14:20:21.960root 11241100x80000000000000004281569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5edc5f9b7e3732e2022-01-04 14:20:21.960root 11241100x80000000000000004281570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9db4f842ee11182022-01-04 14:20:21.960root 11241100x80000000000000004281571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531a8eeea50950482022-01-04 14:20:21.961root 11241100x80000000000000004281572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cc0ccb23f73fc22022-01-04 14:20:21.961root 11241100x80000000000000004281573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b51dff623478882022-01-04 14:20:21.961root 11241100x80000000000000004281574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0607a6f1a1e573802022-01-04 14:20:21.961root 11241100x80000000000000004281575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de2e4de46b173ec2022-01-04 14:20:21.961root 11241100x80000000000000004281576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0634b3bf8810120e2022-01-04 14:20:21.961root 11241100x80000000000000004281577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49fba09836961732022-01-04 14:20:21.961root 11241100x80000000000000004281578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6d5e42ba7bf2f2022-01-04 14:20:22.459root 11241100x80000000000000004281579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1728269f8709af3f2022-01-04 14:20:22.459root 11241100x80000000000000004281580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef6f6d0396379292022-01-04 14:20:22.459root 11241100x80000000000000004281581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b69afdd143e788a2022-01-04 14:20:22.459root 11241100x80000000000000004281582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06847deb5cd023c42022-01-04 14:20:22.459root 11241100x80000000000000004281583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0efded92e640ac2022-01-04 14:20:22.459root 11241100x80000000000000004281584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266a5dfe7b71fbd12022-01-04 14:20:22.459root 11241100x80000000000000004281585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328c66690456b0f2022-01-04 14:20:22.460root 11241100x80000000000000004281586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209d78bb96c776592022-01-04 14:20:22.460root 11241100x80000000000000004281587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad3c0ca208ecb5a2022-01-04 14:20:22.460root 11241100x80000000000000004281588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191fbef0aeb6e05d2022-01-04 14:20:22.460root 11241100x80000000000000004281589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a198ee13d0ce8812022-01-04 14:20:22.460root 11241100x80000000000000004281590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5061362773cad32022-01-04 14:20:22.460root 11241100x80000000000000004281591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106f8560bed38b242022-01-04 14:20:22.460root 11241100x80000000000000004281592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c742248e8bf70b252022-01-04 14:20:22.460root 11241100x80000000000000004281593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ea1ba583e74f692022-01-04 14:20:22.460root 11241100x80000000000000004281594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259b37ec3238a1712022-01-04 14:20:22.460root 11241100x80000000000000004281595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9570ec1e68eba862022-01-04 14:20:22.460root 11241100x80000000000000004281596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f846f31fe0bda22022-01-04 14:20:22.460root 11241100x80000000000000004281597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eeb10109174c9e2022-01-04 14:20:22.461root 11241100x80000000000000004281598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b13fe6b6eb38622022-01-04 14:20:22.461root 11241100x80000000000000004281599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bb8bb91d0945af2022-01-04 14:20:22.461root 11241100x80000000000000004281600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda4befe55d908f62022-01-04 14:20:22.461root 11241100x80000000000000004281601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cdbda7d946645c2022-01-04 14:20:22.461root 11241100x80000000000000004281602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4778f211846b5a9c2022-01-04 14:20:22.461root 11241100x80000000000000004281603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc37f1f0c086232f2022-01-04 14:20:22.461root 11241100x80000000000000004281604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f407a663e110987c2022-01-04 14:20:22.461root 11241100x80000000000000004281605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c2e6fc1d00d5442022-01-04 14:20:22.461root 11241100x80000000000000004281606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c85cafdee847ba2022-01-04 14:20:22.461root 11241100x80000000000000004281607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b606fdff9b2a6fee2022-01-04 14:20:22.461root 11241100x80000000000000004281608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9f69fd26df67f22022-01-04 14:20:22.461root 11241100x80000000000000004281609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc669fbb3919477b2022-01-04 14:20:22.960root 11241100x80000000000000004281610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4677807d8c8ad2d2022-01-04 14:20:22.960root 11241100x80000000000000004281611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeda672af648c52f2022-01-04 14:20:22.960root 11241100x80000000000000004281612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca44ee86c98a30fc2022-01-04 14:20:22.960root 11241100x80000000000000004281613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28509f33dae48e352022-01-04 14:20:22.960root 11241100x80000000000000004281614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e9e34666b1a3fe2022-01-04 14:20:22.960root 11241100x80000000000000004281615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b965cb55e9eda2022-01-04 14:20:22.961root 11241100x80000000000000004281616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eea560391504fb2022-01-04 14:20:22.961root 11241100x80000000000000004281617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7392aed2e22f56e42022-01-04 14:20:22.961root 11241100x80000000000000004281618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9179d476a1ce15c22022-01-04 14:20:22.961root 11241100x80000000000000004281619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a5dbaef9cd38a12022-01-04 14:20:22.961root 11241100x80000000000000004281620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46a0c4fce4ce4c82022-01-04 14:20:22.961root 11241100x80000000000000004281621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee41b3852bb750d82022-01-04 14:20:22.962root 11241100x80000000000000004281622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3a5e7d4829acd52022-01-04 14:20:22.962root 11241100x80000000000000004281623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7033b897a2386e122022-01-04 14:20:22.962root 11241100x80000000000000004281624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2096b2426b4cf3572022-01-04 14:20:22.962root 11241100x80000000000000004281625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa1c1ff5abd39d2022-01-04 14:20:22.962root 11241100x80000000000000004281626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560d00944451397b2022-01-04 14:20:22.962root 11241100x80000000000000004281627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e60a7a5e3efdd5f2022-01-04 14:20:22.962root 11241100x80000000000000004281628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7ad52c0df962282022-01-04 14:20:22.963root 11241100x80000000000000004281629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76264cdbfd7617852022-01-04 14:20:23.459root 11241100x80000000000000004281630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ff68bedb8e30ec2022-01-04 14:20:23.460root 11241100x80000000000000004281631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f90ec7f903b5b5f2022-01-04 14:20:23.460root 11241100x80000000000000004281632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816d8da3cf85559a2022-01-04 14:20:23.460root 11241100x80000000000000004281633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bbe2272fdfb8ec2022-01-04 14:20:23.460root 11241100x80000000000000004281634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb8c77ff9507e032022-01-04 14:20:23.460root 11241100x80000000000000004281635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f77713971aa96a92022-01-04 14:20:23.460root 11241100x80000000000000004281636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1a30fa7836384c2022-01-04 14:20:23.460root 11241100x80000000000000004281637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b742133e3571a682022-01-04 14:20:23.460root 11241100x80000000000000004281638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d27375f67a1fc2022-01-04 14:20:23.460root 11241100x80000000000000004281639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ed29ca71f5c22c2022-01-04 14:20:23.460root 11241100x80000000000000004281640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d1b1abfca155242022-01-04 14:20:23.460root 11241100x80000000000000004281641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dd6ad4d7096d192022-01-04 14:20:23.460root 11241100x80000000000000004281642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8b990bf4644e932022-01-04 14:20:23.460root 11241100x80000000000000004281643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7b59ed255193d22022-01-04 14:20:23.460root 11241100x80000000000000004281644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6db231f57c67e0b2022-01-04 14:20:23.461root 11241100x80000000000000004281645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f3e382415fdd9f2022-01-04 14:20:23.461root 11241100x80000000000000004281646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d36683b2d9dbae82022-01-04 14:20:23.461root 11241100x80000000000000004281647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb6868c2b368f92022-01-04 14:20:23.461root 11241100x80000000000000004281648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135f7ad98b1b1d742022-01-04 14:20:23.461root 11241100x80000000000000004281649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c069b737ee5c012022-01-04 14:20:23.959root 11241100x80000000000000004281650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42444d18c82b1a292022-01-04 14:20:23.959root 11241100x80000000000000004281651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1c4c43867dff712022-01-04 14:20:23.959root 11241100x80000000000000004281652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb273c1d6d5d3c572022-01-04 14:20:23.959root 11241100x80000000000000004281653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14533fdb9beee4902022-01-04 14:20:23.960root 11241100x80000000000000004281654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1504747dc1a5232022-01-04 14:20:23.960root 11241100x80000000000000004281655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9922368d309877792022-01-04 14:20:23.960root 11241100x80000000000000004281656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b199fb65d77eb6a62022-01-04 14:20:23.960root 11241100x80000000000000004281657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ae378c77ba3ee52022-01-04 14:20:23.960root 11241100x80000000000000004281658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102b4322514cabcd2022-01-04 14:20:23.960root 11241100x80000000000000004281659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca109c909e55a512022-01-04 14:20:23.960root 11241100x80000000000000004281660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6823f2a5ef5a52db2022-01-04 14:20:23.960root 11241100x80000000000000004281661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48470c72aec9f7c12022-01-04 14:20:23.960root 11241100x80000000000000004281662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34494510284e76ad2022-01-04 14:20:23.960root 11241100x80000000000000004281663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-04 14:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e138553ab83d26a92022-01-04 14:20:23.960root 11241100x80000000000000004281664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796<