11241100x80000000000000001740070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41a43b49ececb842022-02-14 08:43:48.430root 11241100x80000000000000001740071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a41d4aeac00fc12022-02-14 08:43:48.430root 11241100x80000000000000001740072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3c2a822643e0b22022-02-14 08:43:48.431root 11241100x80000000000000001740073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d6aaa94fa713cb2022-02-14 08:43:48.431root 11241100x80000000000000001740074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b3cf1b70e578872022-02-14 08:43:48.431root 11241100x80000000000000001740075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5a4411c41ce4b02022-02-14 08:43:48.431root 11241100x80000000000000001740076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1507a7cf3539e4822022-02-14 08:43:48.431root 11241100x80000000000000001740077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd9ff31232e512f2022-02-14 08:43:48.431root 11241100x80000000000000001740078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45f85557b0983862022-02-14 08:43:48.431root 11241100x80000000000000001740079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d187fb9ed059e6dd2022-02-14 08:43:48.432root 11241100x80000000000000001740080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f332cd6f7d9025b2022-02-14 08:43:48.432root 11241100x80000000000000001740081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2b288a58e1d7032022-02-14 08:43:48.432root 11241100x80000000000000001740082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2745b38eeece2882022-02-14 08:43:48.432root 11241100x80000000000000001740083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9e8559ad6eb6672022-02-14 08:43:48.432root 11241100x80000000000000001740084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70341d1eccf65b652022-02-14 08:43:48.432root 11241100x80000000000000001740085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b757d26c283fc7a2022-02-14 08:43:48.432root 11241100x80000000000000001740086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e45b5c8d3e792e12022-02-14 08:43:48.432root 11241100x80000000000000001740087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8239d2539ce2ed02022-02-14 08:43:48.433root 11241100x80000000000000001740088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431b42f6af0469b92022-02-14 08:43:48.433root 11241100x80000000000000001740089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce903fd98a6797d2022-02-14 08:43:48.433root 11241100x80000000000000001740090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e98cfd51d83e0c2022-02-14 08:43:48.433root 11241100x80000000000000001740091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf6d59645b9857e2022-02-14 08:43:48.434root 11241100x80000000000000001740092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3427bc2a250c6442022-02-14 08:43:48.435root 11241100x80000000000000001740093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4483b4f91fbfe02022-02-14 08:43:48.435root 11241100x80000000000000001740094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfd4e8475d3d2f72022-02-14 08:43:48.435root 11241100x80000000000000001740095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c949712dd98888f2022-02-14 08:43:48.436root 11241100x80000000000000001740096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bddff7c8dd990382022-02-14 08:43:48.436root 11241100x80000000000000001740097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39b41216a71008d2022-02-14 08:43:48.436root 11241100x80000000000000001740098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c1bad073a67c8e2022-02-14 08:43:48.436root 11241100x80000000000000001740099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbb64b9ce98753c2022-02-14 08:43:48.437root 11241100x80000000000000001740100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a250ce8a0b177b2022-02-14 08:43:48.437root 11241100x80000000000000001740101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dc9c91483c42882022-02-14 08:43:48.437root 11241100x80000000000000001740102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74691d2a20a705e62022-02-14 08:43:48.438root 11241100x80000000000000001740103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294d6817c19d92232022-02-14 08:43:48.438root 11241100x80000000000000001740104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6f7f024e46a6422022-02-14 08:43:48.930root 11241100x80000000000000001740105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ba81971efc48e52022-02-14 08:43:48.930root 11241100x80000000000000001740106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48426e42ee6b61842022-02-14 08:43:48.930root 11241100x80000000000000001740107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99903647caefac452022-02-14 08:43:48.931root 11241100x80000000000000001740108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f3af8fd3fb89fa2022-02-14 08:43:48.931root 11241100x80000000000000001740109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60c41e0a14a84d22022-02-14 08:43:48.931root 11241100x80000000000000001740110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1bfed8bf9086a72022-02-14 08:43:48.931root 11241100x80000000000000001740111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a6381926b704332022-02-14 08:43:48.932root 11241100x80000000000000001740112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b18cd9859041e522022-02-14 08:43:48.932root 11241100x80000000000000001740113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d57f923478324972022-02-14 08:43:48.932root 11241100x80000000000000001740114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd6afd2046a44772022-02-14 08:43:48.932root 11241100x80000000000000001740115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651f8790d60063ac2022-02-14 08:43:48.932root 11241100x80000000000000001740116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b739cffdf492bbdb2022-02-14 08:43:48.932root 11241100x80000000000000001740117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f8ac0bebfe864e2022-02-14 08:43:48.933root 11241100x80000000000000001740118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80f19a52f1cc0ab2022-02-14 08:43:48.933root 11241100x80000000000000001740119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2bb045a5baaa8d2022-02-14 08:43:48.933root 11241100x80000000000000001740120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61fbd6a28da550e2022-02-14 08:43:48.933root 11241100x80000000000000001740121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882f348fd12eb0612022-02-14 08:43:48.933root 11241100x80000000000000001740122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26b9ddf5242d3032022-02-14 08:43:48.934root 11241100x80000000000000001740123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd55d3348c9fd7e2022-02-14 08:43:48.935root 11241100x80000000000000001740124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f4f93af9bdbb8f2022-02-14 08:43:48.935root 11241100x80000000000000001740125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec1476d5820c3f72022-02-14 08:43:48.935root 11241100x80000000000000001740126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18610e4a61a5d982022-02-14 08:43:48.935root 11241100x80000000000000001740127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d6dcb7772504ca2022-02-14 08:43:48.935root 11241100x80000000000000001740128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf121b09df37e072022-02-14 08:43:48.936root 11241100x80000000000000001740129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85db464fd0890a0f2022-02-14 08:43:48.936root 11241100x80000000000000001740130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e916ddce27454b22022-02-14 08:43:48.936root 11241100x80000000000000001740131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814cee98a5a0ae152022-02-14 08:43:48.936root 11241100x80000000000000001740132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad0d7d3feb0fdc82022-02-14 08:43:48.936root 11241100x80000000000000001740133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9795fde1c12346382022-02-14 08:43:48.936root 11241100x80000000000000001740134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2925746d0567aea02022-02-14 08:43:48.936root 11241100x80000000000000001740135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc5e107c0be40152022-02-14 08:43:48.937root 11241100x80000000000000001740136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e600af3e742dfef2022-02-14 08:43:48.937root 354300x80000000000000001740137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.113{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51472-false10.0.1.12-8000- 11241100x80000000000000001740138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c0fddc120f89ab2022-02-14 08:43:49.430root 11241100x80000000000000001740139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bebcca358050f92022-02-14 08:43:49.430root 11241100x80000000000000001740140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99d48341edcf2002022-02-14 08:43:49.430root 11241100x80000000000000001740141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37ff518512211012022-02-14 08:43:49.430root 11241100x80000000000000001740142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb05237f1eacbf662022-02-14 08:43:49.430root 11241100x80000000000000001740143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1740b14ddc30ab9a2022-02-14 08:43:49.430root 11241100x80000000000000001740144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61643bb48a159c702022-02-14 08:43:49.430root 11241100x80000000000000001740145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b6d969b5b86dae2022-02-14 08:43:49.430root 11241100x80000000000000001740146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab56c6daa581bba2022-02-14 08:43:49.431root 11241100x80000000000000001740147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd2a64e399503542022-02-14 08:43:49.431root 11241100x80000000000000001740148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eb23fba96b24e42022-02-14 08:43:49.431root 11241100x80000000000000001740149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ddc49c9be45f8f2022-02-14 08:43:49.431root 11241100x80000000000000001740150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace241efcaae95e32022-02-14 08:43:49.431root 11241100x80000000000000001740151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fdb07e017bade12022-02-14 08:43:49.431root 11241100x80000000000000001740152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb91463e2105ff492022-02-14 08:43:49.431root 11241100x80000000000000001740153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed58a0bc750bfb3c2022-02-14 08:43:49.431root 11241100x80000000000000001740154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa717094e1f5db72022-02-14 08:43:49.432root 11241100x80000000000000001740155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cfa0fcd8136a782022-02-14 08:43:49.432root 11241100x80000000000000001740156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6679538df6ef7f602022-02-14 08:43:49.432root 11241100x80000000000000001740157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb4432d49c026292022-02-14 08:43:49.432root 11241100x80000000000000001740158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecb19ac338534602022-02-14 08:43:49.432root 11241100x80000000000000001740159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1747aa9c7ed25fea2022-02-14 08:43:49.432root 11241100x80000000000000001740160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78edabb41b357db32022-02-14 08:43:49.432root 11241100x80000000000000001740161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ab8b5916a42b332022-02-14 08:43:49.432root 11241100x80000000000000001740162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbafede81d1443112022-02-14 08:43:49.432root 11241100x80000000000000001740163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7330afa139bd38972022-02-14 08:43:49.433root 11241100x80000000000000001740164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e92d7b9b01e424d2022-02-14 08:43:49.433root 11241100x80000000000000001740165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77535152bd8946df2022-02-14 08:43:49.433root 11241100x80000000000000001740166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6f8b8c11eb81c32022-02-14 08:43:49.434root 11241100x80000000000000001740167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b723d0003cf56c6f2022-02-14 08:43:49.434root 11241100x80000000000000001740168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b283d131f6473532022-02-14 08:43:49.434root 11241100x80000000000000001740169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a305b1287bfbd82022-02-14 08:43:49.434root 11241100x80000000000000001740170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdb026b623bfbbf2022-02-14 08:43:49.434root 11241100x80000000000000001740171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1915e0e2aa9f3082022-02-14 08:43:49.434root 11241100x80000000000000001740172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57decdca63be87082022-02-14 08:43:49.434root 11241100x80000000000000001740173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a80023ccbfc7e442022-02-14 08:43:49.434root 11241100x80000000000000001740174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a804a11266d29d7a2022-02-14 08:43:49.434root 11241100x80000000000000001740175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749400b963ba7bb72022-02-14 08:43:49.930root 11241100x80000000000000001740176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6338b2e3e7e3cfcb2022-02-14 08:43:49.930root 11241100x80000000000000001740177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d084ec02de3cf2de2022-02-14 08:43:49.930root 11241100x80000000000000001740178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545175c4efe0cf432022-02-14 08:43:49.930root 11241100x80000000000000001740179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dd5d52573f3f042022-02-14 08:43:49.930root 11241100x80000000000000001740180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85545247278fbe2f2022-02-14 08:43:49.930root 11241100x80000000000000001740181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4026dfe9a3b53f32022-02-14 08:43:49.930root 11241100x80000000000000001740182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d583dc7930ac412022-02-14 08:43:49.931root 11241100x80000000000000001740183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ced08f89115f602022-02-14 08:43:49.931root 11241100x80000000000000001740184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb7b0f9622f0fac2022-02-14 08:43:49.931root 11241100x80000000000000001740185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8fd2d117c5993a2022-02-14 08:43:49.931root 11241100x80000000000000001740186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701b094faa584d222022-02-14 08:43:49.931root 11241100x80000000000000001740187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e170f36aef4826582022-02-14 08:43:49.931root 11241100x80000000000000001740188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088ac7a35610d5c2022-02-14 08:43:49.931root 11241100x80000000000000001740189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd974e70a307f79a2022-02-14 08:43:49.931root 11241100x80000000000000001740190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7299a3cba48b9f72022-02-14 08:43:49.932root 11241100x80000000000000001740191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3752a8292ad8f72022-02-14 08:43:49.932root 11241100x80000000000000001740192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca7e59cd6bfe5442022-02-14 08:43:49.932root 11241100x80000000000000001740193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d001de1ec72b4852022-02-14 08:43:49.932root 11241100x80000000000000001740194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291a8e45cd3bb4d72022-02-14 08:43:49.932root 11241100x80000000000000001740195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3b4b48a9a9a1152022-02-14 08:43:49.932root 11241100x80000000000000001740196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5de65145c670d612022-02-14 08:43:49.933root 11241100x80000000000000001740197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2952e7e6758825252022-02-14 08:43:49.933root 11241100x80000000000000001740198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599da40443fdc3e12022-02-14 08:43:49.933root 11241100x80000000000000001740199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf7f960465dba602022-02-14 08:43:49.933root 11241100x80000000000000001740200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baef62937a0ce9e2022-02-14 08:43:49.933root 11241100x80000000000000001740201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597c4cc7eb0a982c2022-02-14 08:43:49.933root 11241100x80000000000000001740202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ded618000be659c2022-02-14 08:43:49.933root 11241100x80000000000000001740203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291a64dfcf2fb0ec2022-02-14 08:43:49.933root 11241100x80000000000000001740204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830b5ee822195fcf2022-02-14 08:43:49.934root 11241100x80000000000000001740205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f62be20b147dc32022-02-14 08:43:49.934root 11241100x80000000000000001740206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af981cf80d790e2022-02-14 08:43:49.934root 11241100x80000000000000001740207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5278272f5af8cb172022-02-14 08:43:49.934root 11241100x80000000000000001740208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daeecd1d9d450eb2022-02-14 08:43:50.430root 11241100x80000000000000001740209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d29972b1eaa88192022-02-14 08:43:50.430root 11241100x80000000000000001740210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae24f4ca5a3528212022-02-14 08:43:50.430root 11241100x80000000000000001740211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505fccf2648afd412022-02-14 08:43:50.430root 11241100x80000000000000001740212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051a9af376f6c08d2022-02-14 08:43:50.430root 11241100x80000000000000001740213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95525d56fc88fe22022-02-14 08:43:50.430root 11241100x80000000000000001740214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cb5b3820a7cd862022-02-14 08:43:50.430root 11241100x80000000000000001740215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bdd6ed3da6a87a2022-02-14 08:43:50.431root 11241100x80000000000000001740216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1470f4dd49235772022-02-14 08:43:50.431root 11241100x80000000000000001740217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f09a7312eb3eef12022-02-14 08:43:50.431root 11241100x80000000000000001740218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6fc25578be3c622022-02-14 08:43:50.431root 11241100x80000000000000001740219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3f1777dc3656422022-02-14 08:43:50.431root 11241100x80000000000000001740220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3955110d7032ec2022-02-14 08:43:50.431root 11241100x80000000000000001740221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafe641ce548f8472022-02-14 08:43:50.431root 11241100x80000000000000001740222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cced65b0309fbf1e2022-02-14 08:43:50.431root 11241100x80000000000000001740223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7654a92f9668f22022-02-14 08:43:50.431root 11241100x80000000000000001740224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b6a320e67e1cc32022-02-14 08:43:50.431root 11241100x80000000000000001740225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ff58ce3b06a2582022-02-14 08:43:50.432root 11241100x80000000000000001740226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7965e720888903202022-02-14 08:43:50.432root 11241100x80000000000000001740227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44a74cffe7124ba2022-02-14 08:43:50.432root 11241100x80000000000000001740228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e174bf7d807bd5142022-02-14 08:43:50.432root 11241100x80000000000000001740229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f01be59b34e36eb2022-02-14 08:43:50.432root 11241100x80000000000000001740230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d925983e3db7c152022-02-14 08:43:50.432root 11241100x80000000000000001740231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df63750c54c07a92022-02-14 08:43:50.432root 11241100x80000000000000001740232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e280a17c3b66e62022-02-14 08:43:50.432root 11241100x80000000000000001740233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1ad9e23334619a2022-02-14 08:43:50.432root 11241100x80000000000000001740234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584216e612611eed2022-02-14 08:43:50.432root 11241100x80000000000000001740235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f0784b7522f0022022-02-14 08:43:50.432root 11241100x80000000000000001740236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e5417a1622813f2022-02-14 08:43:50.433root 11241100x80000000000000001740237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48cd4cee065bf182022-02-14 08:43:50.433root 11241100x80000000000000001740238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09df4964fe94bed72022-02-14 08:43:50.433root 11241100x80000000000000001740239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39f344368b25f402022-02-14 08:43:50.433root 11241100x80000000000000001740240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7893c592e86e3c7c2022-02-14 08:43:50.434root 11241100x80000000000000001740241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e847a837181837d62022-02-14 08:43:50.434root 11241100x80000000000000001740242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ac3def93e617022022-02-14 08:43:50.434root 11241100x80000000000000001740243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704a03128561b7212022-02-14 08:43:50.434root 11241100x80000000000000001740244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcafbb0ccb34c942022-02-14 08:43:50.434root 11241100x80000000000000001740245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4969769d19de8cbc2022-02-14 08:43:50.434root 11241100x80000000000000001740246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7716fca016a91e9f2022-02-14 08:43:50.434root 11241100x80000000000000001740247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55839aedc031ea62022-02-14 08:43:50.434root 11241100x80000000000000001740248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeddb0a4d1f6fe372022-02-14 08:43:50.435root 11241100x80000000000000001740249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5487dc41983096842022-02-14 08:43:50.435root 11241100x80000000000000001740250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ec1145184460282022-02-14 08:43:50.930root 11241100x80000000000000001740251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e431b78ac65a7daa2022-02-14 08:43:50.930root 11241100x80000000000000001740252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ee512c13d419d2022-02-14 08:43:50.930root 11241100x80000000000000001740253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48548b6fcd32837b2022-02-14 08:43:50.930root 11241100x80000000000000001740254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfc54aa181c9f9f2022-02-14 08:43:50.931root 11241100x80000000000000001740255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01af2776972f37d82022-02-14 08:43:50.931root 11241100x80000000000000001740256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e8941ae23b4b82022-02-14 08:43:50.931root 11241100x80000000000000001740257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e215fce789bc8a2022-02-14 08:43:50.931root 11241100x80000000000000001740258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df3c392351d7a532022-02-14 08:43:50.931root 11241100x80000000000000001740259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0507024f5d31e12022-02-14 08:43:50.931root 11241100x80000000000000001740260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1fba42ca2a212b2022-02-14 08:43:50.931root 11241100x80000000000000001740261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e227e4bbf7b5fba2022-02-14 08:43:50.931root 11241100x80000000000000001740262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e616944f022c962022-02-14 08:43:50.932root 11241100x80000000000000001740263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea7b7b3223d95102022-02-14 08:43:50.932root 11241100x80000000000000001740264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709b49ff79df89ec2022-02-14 08:43:50.932root 11241100x80000000000000001740265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5059a296157b2542022-02-14 08:43:50.932root 11241100x80000000000000001740266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6e78791591d2ee2022-02-14 08:43:50.932root 11241100x80000000000000001740267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d000fa3e0d3e2d7e2022-02-14 08:43:50.932root 11241100x80000000000000001740268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d24f259d399c7112022-02-14 08:43:50.932root 11241100x80000000000000001740269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beaa65811c830aff2022-02-14 08:43:50.932root 11241100x80000000000000001740270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0f50edeb89c6302022-02-14 08:43:50.932root 11241100x80000000000000001740271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf23c5db86828af2022-02-14 08:43:50.932root 11241100x80000000000000001740272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879bfc74cde7dd0b2022-02-14 08:43:50.933root 11241100x80000000000000001740273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9252c0160a59d7e2022-02-14 08:43:50.933root 11241100x80000000000000001740274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f95ccbbbd65cb32022-02-14 08:43:50.933root 11241100x80000000000000001740275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9520049e91f955c2022-02-14 08:43:50.933root 11241100x80000000000000001740276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee49634ce4a73922022-02-14 08:43:50.933root 11241100x80000000000000001740277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5196183d11bb162022-02-14 08:43:50.933root 11241100x80000000000000001740278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba88f733b365b27d2022-02-14 08:43:50.933root 11241100x80000000000000001740279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c61667d00427bcc2022-02-14 08:43:50.934root 11241100x80000000000000001740280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf231cdbc3718da2022-02-14 08:43:50.936root 11241100x80000000000000001740281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9e9ba78a4de4022022-02-14 08:43:50.936root 11241100x80000000000000001740282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d09fa18f6e9d022022-02-14 08:43:50.936root 11241100x80000000000000001740283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f78656e594a41c72022-02-14 08:43:50.936root 11241100x80000000000000001740284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ba7eccf008f4b52022-02-14 08:43:50.936root 11241100x80000000000000001740285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2056efdec5ddc8c2022-02-14 08:43:50.936root 11241100x80000000000000001740286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12df71855a4879992022-02-14 08:43:50.936root 11241100x80000000000000001740287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a439839b19f2d42022-02-14 08:43:51.430root 11241100x80000000000000001740288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9469830e19dc9f3f2022-02-14 08:43:51.431root 11241100x80000000000000001740289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61daca62396aba72022-02-14 08:43:51.431root 11241100x80000000000000001740290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b48c5ab7faec062022-02-14 08:43:51.431root 11241100x80000000000000001740291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1aead996de0f412022-02-14 08:43:51.431root 11241100x80000000000000001740292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07077897b3b4b1672022-02-14 08:43:51.432root 11241100x80000000000000001740293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca36dff518ec7192022-02-14 08:43:51.432root 11241100x80000000000000001740294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68313d91cfd5f372022-02-14 08:43:51.432root 11241100x80000000000000001740295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d36d1d327a6cdf2022-02-14 08:43:51.432root 11241100x80000000000000001740296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529b4601ad513a6b2022-02-14 08:43:51.432root 11241100x80000000000000001740297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d5d0fc0857d082022-02-14 08:43:51.432root 11241100x80000000000000001740298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b82f7a43828c702022-02-14 08:43:51.433root 11241100x80000000000000001740299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4e906886108dfa2022-02-14 08:43:51.433root 11241100x80000000000000001740300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3549a2a1d4393212022-02-14 08:43:51.433root 11241100x80000000000000001740301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b74011d4142a0912022-02-14 08:43:51.433root 11241100x80000000000000001740302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b309bf6c930dd5222022-02-14 08:43:51.433root 11241100x80000000000000001740303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0422e60c6c31c4ef2022-02-14 08:43:51.433root 11241100x80000000000000001740304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88b8293956d57a42022-02-14 08:43:51.433root 11241100x80000000000000001740305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4ac3d94f4330922022-02-14 08:43:51.433root 11241100x80000000000000001740306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90ac5859d8c5c1f2022-02-14 08:43:51.434root 11241100x80000000000000001740307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cbd053438f17072022-02-14 08:43:51.434root 11241100x80000000000000001740308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda5c3229905948d2022-02-14 08:43:51.434root 11241100x80000000000000001740309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117a4e7f8ea883e32022-02-14 08:43:51.434root 11241100x80000000000000001740310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25044669ee4c07b52022-02-14 08:43:51.434root 11241100x80000000000000001740311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c6abdda725965a2022-02-14 08:43:51.434root 11241100x80000000000000001740312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf38515232cfd572022-02-14 08:43:51.434root 11241100x80000000000000001740313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6690148fb7d4c72022-02-14 08:43:51.434root 11241100x80000000000000001740314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737864c9bc2565c82022-02-14 08:43:51.435root 11241100x80000000000000001740315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22eef9f54b50fd382022-02-14 08:43:51.435root 11241100x80000000000000001740316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df228432b3cf0fd2022-02-14 08:43:51.436root 11241100x80000000000000001740317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfaabf58dd506542022-02-14 08:43:51.436root 11241100x80000000000000001740318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a6239321678eb12022-02-14 08:43:51.437root 11241100x80000000000000001740319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7c46f21632d0822022-02-14 08:43:51.437root 11241100x80000000000000001740320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5a608bc47982ec2022-02-14 08:43:51.930root 11241100x80000000000000001740321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e4ff7dd4fb762f2022-02-14 08:43:51.931root 11241100x80000000000000001740322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed92da9c3a8ea502022-02-14 08:43:51.931root 11241100x80000000000000001740323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96671c957db6e3ed2022-02-14 08:43:51.931root 11241100x80000000000000001740324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820bdd89bcb83a1c2022-02-14 08:43:51.932root 11241100x80000000000000001740325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e5de8a688c4f22022-02-14 08:43:51.932root 11241100x80000000000000001740326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b05cdc973aa23a2022-02-14 08:43:51.932root 11241100x80000000000000001740327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee833cbe52b4d22d2022-02-14 08:43:51.932root 11241100x80000000000000001740328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4d8847f9a7fab52022-02-14 08:43:51.933root 11241100x80000000000000001740329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a5df1bbf39fcd92022-02-14 08:43:51.933root 11241100x80000000000000001740330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ec056561fe0ceb2022-02-14 08:43:51.933root 11241100x80000000000000001740331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfa8367767fd7d32022-02-14 08:43:51.934root 11241100x80000000000000001740332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ad1e232d334b842022-02-14 08:43:51.934root 11241100x80000000000000001740333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55379c48417df632022-02-14 08:43:51.934root 11241100x80000000000000001740334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845e3c54c229ba762022-02-14 08:43:51.934root 11241100x80000000000000001740335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593d238ce80e3a622022-02-14 08:43:51.935root 11241100x80000000000000001740336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eada0c8a45d7a8e32022-02-14 08:43:51.935root 11241100x80000000000000001740337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29950a4f51eae8ea2022-02-14 08:43:51.935root 11241100x80000000000000001740338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb57fc6ed76bd442022-02-14 08:43:51.935root 11241100x80000000000000001740339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4067fded9fae029d2022-02-14 08:43:51.935root 11241100x80000000000000001740340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e607ded51b3d052022-02-14 08:43:51.936root 11241100x80000000000000001740341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ded7098cf6dee772022-02-14 08:43:51.936root 11241100x80000000000000001740342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa807b070db126302022-02-14 08:43:51.936root 11241100x80000000000000001740343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f12e9601a2aac02022-02-14 08:43:51.936root 11241100x80000000000000001740344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d8f502f6089bcf2022-02-14 08:43:51.936root 11241100x80000000000000001740345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27e1947b908aede2022-02-14 08:43:51.937root 11241100x80000000000000001740346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ded083521e50f02022-02-14 08:43:51.937root 11241100x80000000000000001740347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d481ed8e7bfa2ac2022-02-14 08:43:51.937root 11241100x80000000000000001740348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017bcbb01a59aeef2022-02-14 08:43:51.937root 11241100x80000000000000001740349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a1feb91660b3052022-02-14 08:43:51.938root 11241100x80000000000000001740350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e2e28f44d173502022-02-14 08:43:51.938root 11241100x80000000000000001740351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e450bd96ee6cc1ad2022-02-14 08:43:51.938root 11241100x80000000000000001740352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3812a4433a673f02022-02-14 08:43:51.939root 11241100x80000000000000001740353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f5e895ccb139b02022-02-14 08:43:52.430root 11241100x80000000000000001740354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840537a10431e9682022-02-14 08:43:52.430root 11241100x80000000000000001740355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbfe65b042eae972022-02-14 08:43:52.431root 11241100x80000000000000001740356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5d25a2623d98c82022-02-14 08:43:52.431root 11241100x80000000000000001740357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfbe5e737d275242022-02-14 08:43:52.431root 11241100x80000000000000001740358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb813edea9624522022-02-14 08:43:52.431root 11241100x80000000000000001740359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a15130b1fc9d7772022-02-14 08:43:52.432root 11241100x80000000000000001740360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73332e51371b642c2022-02-14 08:43:52.432root 11241100x80000000000000001740361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97767db86afcc23d2022-02-14 08:43:52.432root 11241100x80000000000000001740362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f310a8abd41a752022-02-14 08:43:52.432root 11241100x80000000000000001740363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca45b4a9514d34f42022-02-14 08:43:52.432root 11241100x80000000000000001740364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1523442d2ac047be2022-02-14 08:43:52.432root 11241100x80000000000000001740365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef4b74b8c3d069a2022-02-14 08:43:52.433root 11241100x80000000000000001740366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4386b1cbb782652022-02-14 08:43:52.433root 11241100x80000000000000001740367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f403363d5552672022-02-14 08:43:52.433root 11241100x80000000000000001740368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3207b5291d7c892022-02-14 08:43:52.433root 11241100x80000000000000001740369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc0485455b7fdf82022-02-14 08:43:52.434root 11241100x80000000000000001740370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91221f9c0af72d32022-02-14 08:43:52.434root 11241100x80000000000000001740371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f429b70294f1e02022-02-14 08:43:52.434root 11241100x80000000000000001740372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9c9f2d562d10a52022-02-14 08:43:52.434root 11241100x80000000000000001740373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cfa64387d5cda42022-02-14 08:43:52.435root 11241100x80000000000000001740374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720c803ed976c8222022-02-14 08:43:52.435root 11241100x80000000000000001740375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0f1821ea4f0a542022-02-14 08:43:52.435root 11241100x80000000000000001740376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1bccf50c17f73d2022-02-14 08:43:52.435root 11241100x80000000000000001740377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff73e832271dc1402022-02-14 08:43:52.435root 11241100x80000000000000001740378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c742e0fe0e2d92942022-02-14 08:43:52.436root 11241100x80000000000000001740379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6438b184d1196e2022-02-14 08:43:52.436root 11241100x80000000000000001740380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2067cb78706199b02022-02-14 08:43:52.436root 11241100x80000000000000001740381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef493586c4ee22752022-02-14 08:43:52.436root 11241100x80000000000000001740382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3af72359c5af7c2022-02-14 08:43:52.436root 11241100x80000000000000001740383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b016514e0f86d2052022-02-14 08:43:52.437root 11241100x80000000000000001740384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f2f821b422214b2022-02-14 08:43:52.437root 11241100x80000000000000001740385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7480ae51a8f01ce02022-02-14 08:43:52.437root 11241100x80000000000000001740386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3395115cf3c16c622022-02-14 08:43:52.438root 11241100x80000000000000001740387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264b3ca16a7a95962022-02-14 08:43:52.930root 11241100x80000000000000001740388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d28b4421b546722022-02-14 08:43:52.930root 11241100x80000000000000001740389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c9ebfb3d6f03dc2022-02-14 08:43:52.930root 11241100x80000000000000001740390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4034c09039afde192022-02-14 08:43:52.930root 11241100x80000000000000001740391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfe39056b5548112022-02-14 08:43:52.931root 11241100x80000000000000001740392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa432902214d4d52022-02-14 08:43:52.931root 11241100x80000000000000001740393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0192a0354f88d9c42022-02-14 08:43:52.931root 11241100x80000000000000001740394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0eae78e2ea906bf2022-02-14 08:43:52.931root 11241100x80000000000000001740395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ea8b8d44e2308e2022-02-14 08:43:52.931root 11241100x80000000000000001740396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0609359c677b77aa2022-02-14 08:43:52.931root 11241100x80000000000000001740397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78cb61692ec5ef92022-02-14 08:43:52.932root 11241100x80000000000000001740398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219d19947c6ef36a2022-02-14 08:43:52.932root 11241100x80000000000000001740399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7728ab8f209857e92022-02-14 08:43:52.932root 11241100x80000000000000001740400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb7c1aad53291502022-02-14 08:43:52.932root 11241100x80000000000000001740401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff38d1bb2a7b2f342022-02-14 08:43:52.932root 11241100x80000000000000001740402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f40847859a847f2022-02-14 08:43:52.932root 11241100x80000000000000001740403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e7356010332a092022-02-14 08:43:52.933root 11241100x80000000000000001740404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e34403570cd2af2022-02-14 08:43:52.933root 11241100x80000000000000001740405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b0596b7821df142022-02-14 08:43:52.933root 11241100x80000000000000001740406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42191b4765ec7352022-02-14 08:43:52.934root 11241100x80000000000000001740407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c602b2e93ebb85cf2022-02-14 08:43:52.934root 11241100x80000000000000001740408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8f6e803c710f4d2022-02-14 08:43:52.934root 11241100x80000000000000001740409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0864106a035aa0eb2022-02-14 08:43:52.934root 11241100x80000000000000001740410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c95d6f203d354482022-02-14 08:43:52.934root 11241100x80000000000000001740411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3690d9c401169b192022-02-14 08:43:52.934root 11241100x80000000000000001740412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b000604458e8bc62022-02-14 08:43:52.934root 11241100x80000000000000001740413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12025e8a78fd47472022-02-14 08:43:52.934root 11241100x80000000000000001740414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104a5090ac6b8a182022-02-14 08:43:52.934root 11241100x80000000000000001740415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f86c01491400032022-02-14 08:43:52.935root 11241100x80000000000000001740416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9db52be380f10ce2022-02-14 08:43:52.935root 11241100x80000000000000001740417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a6b4e184a1b79d2022-02-14 08:43:52.935root 11241100x80000000000000001740418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e627e655b278e12022-02-14 08:43:52.935root 11241100x80000000000000001740419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605c1d91714cc8622022-02-14 08:43:52.935root 11241100x80000000000000001740420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9e19539ef1f7d42022-02-14 08:43:52.935root 11241100x80000000000000001740421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265be99ac1a316732022-02-14 08:43:52.935root 11241100x80000000000000001740422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efaedca00a535192022-02-14 08:43:52.935root 11241100x80000000000000001740423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1176b6e93ba4c42022-02-14 08:43:52.935root 11241100x80000000000000001740424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd4839170444fae2022-02-14 08:43:52.935root 11241100x80000000000000001740425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7167f8e0d9716c6a2022-02-14 08:43:52.935root 11241100x80000000000000001740426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94774beed2f874062022-02-14 08:43:52.935root 11241100x80000000000000001740427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1eef504485e2972022-02-14 08:43:52.935root 11241100x80000000000000001740428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403d30169b78b64e2022-02-14 08:43:52.936root 11241100x80000000000000001740429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c106d06dfe9d84ee2022-02-14 08:43:52.936root 11241100x80000000000000001740430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb101ca3b25dd23e2022-02-14 08:43:52.936root 11241100x80000000000000001740431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0accf18f5b3e3dea2022-02-14 08:43:52.936root 11241100x80000000000000001740432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2332d41c714698af2022-02-14 08:43:52.936root 11241100x80000000000000001740433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a752c713cb2a0702022-02-14 08:43:52.936root 11241100x80000000000000001740434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088600f405ca04622022-02-14 08:43:53.429root 11241100x80000000000000001740435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7e4c95352fac452022-02-14 08:43:53.430root 11241100x80000000000000001740436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a94784351c821d92022-02-14 08:43:53.430root 11241100x80000000000000001740437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2af9ab9126fa6b92022-02-14 08:43:53.430root 11241100x80000000000000001740438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63b16f2ee0b8c3f2022-02-14 08:43:53.430root 11241100x80000000000000001740439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096481b6cf313d692022-02-14 08:43:53.430root 11241100x80000000000000001740440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0212f7069f8fca6e2022-02-14 08:43:53.430root 11241100x80000000000000001740441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f496b46f6719dd242022-02-14 08:43:53.430root 11241100x80000000000000001740442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1286c2be32a97c712022-02-14 08:43:53.430root 11241100x80000000000000001740443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d88ce4629e705e2022-02-14 08:43:53.430root 11241100x80000000000000001740444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c86328387e607502022-02-14 08:43:53.430root 11241100x80000000000000001740445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfb411231c2ec392022-02-14 08:43:53.430root 11241100x80000000000000001740446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1e3fa9c73fac692022-02-14 08:43:53.430root 11241100x80000000000000001740447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1693d7cb2f2cfe2022-02-14 08:43:53.431root 11241100x80000000000000001740448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591c6972661c77b92022-02-14 08:43:53.431root 11241100x80000000000000001740449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4334684ad02260542022-02-14 08:43:53.431root 11241100x80000000000000001740450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a58d4b8539d1c212022-02-14 08:43:53.431root 11241100x80000000000000001740451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317e7a23becb7f6b2022-02-14 08:43:53.431root 11241100x80000000000000001740452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3688a7ad6b10c22022-02-14 08:43:53.431root 11241100x80000000000000001740453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d07718ce56ec1422022-02-14 08:43:53.431root 11241100x80000000000000001740454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f5c611261994422022-02-14 08:43:53.431root 11241100x80000000000000001740455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b55120c4b190fa2022-02-14 08:43:53.431root 11241100x80000000000000001740456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d278dcca04d34c2022-02-14 08:43:53.431root 11241100x80000000000000001740457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a577731989514082022-02-14 08:43:53.431root 11241100x80000000000000001740458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7947d1cfee406922022-02-14 08:43:53.431root 11241100x80000000000000001740459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b5b205fa2268e52022-02-14 08:43:53.432root 11241100x80000000000000001740460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58efe43c922edcca2022-02-14 08:43:53.432root 11241100x80000000000000001740461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430355a6112bd9c52022-02-14 08:43:53.432root 11241100x80000000000000001740462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31dd8f23dc96d872022-02-14 08:43:53.432root 11241100x80000000000000001740463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f729078187fc4a2022-02-14 08:43:53.432root 11241100x80000000000000001740464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba8ac4398226c3e2022-02-14 08:43:53.432root 11241100x80000000000000001740465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee2199f7770a52d2022-02-14 08:43:53.432root 11241100x80000000000000001740466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbbf5657b9de7982022-02-14 08:43:53.432root 11241100x80000000000000001740467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2fa8acb035b41c2022-02-14 08:43:53.432root 11241100x80000000000000001740468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cff2aacfc05c2f2022-02-14 08:43:53.432root 11241100x80000000000000001740469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6728f89e136ce2532022-02-14 08:43:53.432root 11241100x80000000000000001740470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ffa02a265c43692022-02-14 08:43:53.433root 11241100x80000000000000001740471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbba21c2a3029e72022-02-14 08:43:53.433root 11241100x80000000000000001740472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c17c06a5a42149d2022-02-14 08:43:53.433root 11241100x80000000000000001740473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6abc3a88ec4083f2022-02-14 08:43:53.433root 11241100x80000000000000001740474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6c65c35dc379492022-02-14 08:43:53.433root 11241100x80000000000000001740475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a25737b0912d132022-02-14 08:43:53.433root 11241100x80000000000000001740476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cb735b802ebfcb2022-02-14 08:43:53.433root 11241100x80000000000000001740477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad2ea8931deb9d72022-02-14 08:43:53.433root 11241100x80000000000000001740478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668d63a606acab0f2022-02-14 08:43:53.433root 11241100x80000000000000001740479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41623c53d48d519f2022-02-14 08:43:53.437root 11241100x80000000000000001740480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d60c3838941df92022-02-14 08:43:53.437root 11241100x80000000000000001740481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa764935d240dbe32022-02-14 08:43:53.437root 11241100x80000000000000001740482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52fbacd4f3804052022-02-14 08:43:53.437root 11241100x80000000000000001740483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd284a22d442b642022-02-14 08:43:53.438root 11241100x80000000000000001740484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d6d4ebf30a9e732022-02-14 08:43:53.439root 11241100x80000000000000001740485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ba62c0d6cc57cb2022-02-14 08:43:53.439root 11241100x80000000000000001740486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc67f5514f86d23f2022-02-14 08:43:53.439root 11241100x80000000000000001740487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8309048ce6cd222022-02-14 08:43:53.439root 11241100x80000000000000001740488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fcd5cd451a77842022-02-14 08:43:53.439root 11241100x80000000000000001740489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103ed87bdbc08c152022-02-14 08:43:53.439root 11241100x80000000000000001740490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d965ef819a8f15f12022-02-14 08:43:53.439root 11241100x80000000000000001740491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b6fb3e430c84132022-02-14 08:43:53.439root 11241100x80000000000000001740492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fbb545be5596ec2022-02-14 08:43:53.442root 11241100x80000000000000001740493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66523ef3f9517aae2022-02-14 08:43:53.442root 11241100x80000000000000001740494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c14ec7ab318d0c52022-02-14 08:43:53.442root 11241100x80000000000000001740495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c0946f88759c452022-02-14 08:43:53.442root 11241100x80000000000000001740496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f009b0bee2c651882022-02-14 08:43:53.443root 11241100x80000000000000001740497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416cf245d53265bf2022-02-14 08:43:53.443root 11241100x80000000000000001740498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2ce6e7400c84152022-02-14 08:43:53.443root 11241100x80000000000000001740499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51118174c54725662022-02-14 08:43:53.443root 11241100x80000000000000001740500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624a72fc894dc11f2022-02-14 08:43:53.443root 11241100x80000000000000001740501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2444b1ac68df810d2022-02-14 08:43:53.443root 11241100x80000000000000001740502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed71cd3feb85e262022-02-14 08:43:53.443root 11241100x80000000000000001740503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfac71df23143632022-02-14 08:43:53.443root 11241100x80000000000000001740504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.444{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c787aa22af7570a2022-02-14 08:43:53.444root 11241100x80000000000000001740505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0beb70790bfc0e42022-02-14 08:43:53.445root 11241100x80000000000000001740506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eadbadeaaff7682022-02-14 08:43:53.445root 11241100x80000000000000001740507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef49d06a2647f9392022-02-14 08:43:53.445root 11241100x80000000000000001740508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59b037da17dcc592022-02-14 08:43:53.445root 11241100x80000000000000001740509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838a6c58b96f97d02022-02-14 08:43:53.445root 11241100x80000000000000001740510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998a31a4f598d3c72022-02-14 08:43:53.445root 11241100x80000000000000001740511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d8a99c1ec6e0d02022-02-14 08:43:53.445root 11241100x80000000000000001740512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8409a5a8cf51c82022-02-14 08:43:53.445root 11241100x80000000000000001740513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b312bd6851b212022-02-14 08:43:53.447root 11241100x80000000000000001740514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f196f5af026894d2022-02-14 08:43:53.447root 11241100x80000000000000001740515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747e2f763a5ccbb02022-02-14 08:43:53.447root 11241100x80000000000000001740516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7e032c30285f4e2022-02-14 08:43:53.930root 11241100x80000000000000001740517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f21e5dd3b17739e2022-02-14 08:43:53.930root 11241100x80000000000000001740518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9378505c52313cfd2022-02-14 08:43:53.930root 11241100x80000000000000001740519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ee3340d2eddb5d2022-02-14 08:43:53.930root 11241100x80000000000000001740520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbe236d3fac06d72022-02-14 08:43:53.931root 11241100x80000000000000001740521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bef4f51e9362b6d2022-02-14 08:43:53.931root 11241100x80000000000000001740522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5311faadd7266bc32022-02-14 08:43:53.931root 11241100x80000000000000001740523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f471f7dcb1e290c2022-02-14 08:43:53.931root 11241100x80000000000000001740524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e086006612d50a2022-02-14 08:43:53.931root 11241100x80000000000000001740525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffa678df23096be2022-02-14 08:43:53.931root 11241100x80000000000000001740526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb769488e9169722022-02-14 08:43:53.931root 11241100x80000000000000001740527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ef80f303e6dd3e2022-02-14 08:43:53.931root 11241100x80000000000000001740528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74689b634e86dd962022-02-14 08:43:53.932root 11241100x80000000000000001740529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be194fde5e2c94d92022-02-14 08:43:53.932root 11241100x80000000000000001740530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146a77c1cdfa2c0c2022-02-14 08:43:53.932root 11241100x80000000000000001740531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f692d2c0dc3b304f2022-02-14 08:43:53.932root 11241100x80000000000000001740532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8dfc5bf35a5c182022-02-14 08:43:53.932root 11241100x80000000000000001740533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1cd76e090606db2022-02-14 08:43:53.932root 11241100x80000000000000001740534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7601054dc58c7a9b2022-02-14 08:43:53.932root 11241100x80000000000000001740535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438f3ed0a4b675762022-02-14 08:43:53.932root 11241100x80000000000000001740536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f13aadff639f7b2022-02-14 08:43:53.932root 11241100x80000000000000001740537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3391a570dd3626692022-02-14 08:43:53.932root 11241100x80000000000000001740538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0b7274b4d02ffe2022-02-14 08:43:53.932root 11241100x80000000000000001740539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de6bceabeb94eab2022-02-14 08:43:53.933root 11241100x80000000000000001740540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93c4adea5a0ecda2022-02-14 08:43:53.933root 11241100x80000000000000001740541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa2f38ccb6aa54e2022-02-14 08:43:53.933root 11241100x80000000000000001740542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86e35e1e94b173e2022-02-14 08:43:53.933root 11241100x80000000000000001740543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fe119351ffd7872022-02-14 08:43:53.933root 11241100x80000000000000001740544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db511be759756d1a2022-02-14 08:43:53.933root 11241100x80000000000000001740545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb8758842749e22022-02-14 08:43:53.933root 11241100x80000000000000001740546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471f6a0a63c955462022-02-14 08:43:53.933root 11241100x80000000000000001740547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bf474e6f3e61c82022-02-14 08:43:53.933root 11241100x80000000000000001740548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a320e5e2cd531d982022-02-14 08:43:53.933root 11241100x80000000000000001740549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3b18267f8b9fcf2022-02-14 08:43:53.934root 11241100x80000000000000001740550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2401e64fdf757b122022-02-14 08:43:53.934root 11241100x80000000000000001740551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00d9dac214c03712022-02-14 08:43:53.934root 354300x80000000000000001740552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.234{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51474-false10.0.1.12-8000- 11241100x80000000000000001740553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.235{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0599b26df635a8b22022-02-14 08:43:54.235root 11241100x80000000000000001740554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.235{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153dd099bcfbf5ae2022-02-14 08:43:54.235root 11241100x80000000000000001740555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.235{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f932dbc8bcb3b1b32022-02-14 08:43:54.235root 11241100x80000000000000001740556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.235{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba5892c920530aa2022-02-14 08:43:54.235root 11241100x80000000000000001740557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1767cde0b1fa105a2022-02-14 08:43:54.236root 11241100x80000000000000001740558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4093e14f531562512022-02-14 08:43:54.236root 11241100x80000000000000001740559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb5e5f4b93b9f02022-02-14 08:43:54.236root 11241100x80000000000000001740560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb151eaf28f4f302022-02-14 08:43:54.236root 11241100x80000000000000001740561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948f11879d1e39242022-02-14 08:43:54.236root 11241100x80000000000000001740562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a692c4c7bc56f5162022-02-14 08:43:54.236root 11241100x80000000000000001740563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d167e68506d49c142022-02-14 08:43:54.236root 11241100x80000000000000001740564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1edad7484d46ca32022-02-14 08:43:54.236root 11241100x80000000000000001740565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a30693c3da02ec82022-02-14 08:43:54.236root 11241100x80000000000000001740566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cd06c4bc9c15292022-02-14 08:43:54.236root 11241100x80000000000000001740567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fe05dfe2e701c12022-02-14 08:43:54.236root 11241100x80000000000000001740568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4046ef011be7cdea2022-02-14 08:43:54.237root 11241100x80000000000000001740569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d31e8877b9cbf972022-02-14 08:43:54.237root 11241100x80000000000000001740570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71724c5f1ef18fc32022-02-14 08:43:54.237root 11241100x80000000000000001740571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19158464cc740c82022-02-14 08:43:54.237root 11241100x80000000000000001740572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebf5eed14d46e402022-02-14 08:43:54.237root 11241100x80000000000000001740573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f6005a284332e12022-02-14 08:43:54.237root 11241100x80000000000000001740574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2559e29e048fcb842022-02-14 08:43:54.237root 11241100x80000000000000001740575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e319f646d4070d2022-02-14 08:43:54.237root 11241100x80000000000000001740576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7de7919b84953e02022-02-14 08:43:54.237root 11241100x80000000000000001740577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.238{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022e4d6b6aa088432022-02-14 08:43:54.238root 11241100x80000000000000001740578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.238{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c04d78f0f7028a2022-02-14 08:43:54.238root 11241100x80000000000000001740579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.238{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede9808359be4f2f2022-02-14 08:43:54.238root 11241100x80000000000000001740580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.238{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a670683e193084522022-02-14 08:43:54.238root 11241100x80000000000000001740581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.239{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5694e84be7ab6552022-02-14 08:43:54.239root 11241100x80000000000000001740582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.241{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af381a6f0aeec702022-02-14 08:43:54.241root 11241100x80000000000000001740583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.241{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9827bbaa3253a1f02022-02-14 08:43:54.241root 11241100x80000000000000001740584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.241{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edea21d963d0a7be2022-02-14 08:43:54.241root 11241100x80000000000000001740585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84d6c4e60b40ffe2022-02-14 08:43:54.242root 11241100x80000000000000001740586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7f5404c32b80e42022-02-14 08:43:54.242root 11241100x80000000000000001740587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82ce6de3af614cc2022-02-14 08:43:54.242root 11241100x80000000000000001740588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d40d2adf7926a462022-02-14 08:43:54.242root 11241100x80000000000000001740589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e01614a95c18a8c2022-02-14 08:43:54.242root 11241100x80000000000000001740590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19c0a912acf91ba2022-02-14 08:43:54.242root 11241100x80000000000000001740591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3706c03ee954c8de2022-02-14 08:43:54.243root 11241100x80000000000000001740592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bb687fb9a3b3ad2022-02-14 08:43:54.243root 11241100x80000000000000001740593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfd7161b887d9d02022-02-14 08:43:54.243root 11241100x80000000000000001740594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f027c581680525882022-02-14 08:43:54.243root 11241100x80000000000000001740595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d690e2be9c5a62a52022-02-14 08:43:54.243root 11241100x80000000000000001740596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e09fcf3a61f7f62022-02-14 08:43:54.243root 11241100x80000000000000001740597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0599b7d3fc126df02022-02-14 08:43:54.243root 11241100x80000000000000001740598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5882ea583b62b0942022-02-14 08:43:54.243root 11241100x80000000000000001740599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f80149ae1dd13ee2022-02-14 08:43:54.243root 11241100x80000000000000001740600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9852c6a692eeb0f2022-02-14 08:43:54.243root 11241100x80000000000000001740601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e07c69eac2a7a2022-02-14 08:43:54.244root 11241100x80000000000000001740602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9c6cca53c98f992022-02-14 08:43:54.244root 11241100x80000000000000001740603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389d6e4b8d0336532022-02-14 08:43:54.244root 11241100x80000000000000001740604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f510fafc4f4b942022-02-14 08:43:54.244root 11241100x80000000000000001740605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8a54de205508ff2022-02-14 08:43:54.244root 11241100x80000000000000001740606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd17a2f6180c88c2022-02-14 08:43:54.244root 11241100x80000000000000001740607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e520829b01a409d2022-02-14 08:43:54.244root 11241100x80000000000000001740608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe73ac16ea671c9b2022-02-14 08:43:54.245root 11241100x80000000000000001740609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c83d09762179c6b2022-02-14 08:43:54.245root 11241100x80000000000000001740610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9305434f4ac0fa592022-02-14 08:43:54.245root 11241100x80000000000000001740611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2097133cc850032022-02-14 08:43:54.245root 11241100x80000000000000001740612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c0c97957f9990d2022-02-14 08:43:54.245root 11241100x80000000000000001740613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be6f6271a969f512022-02-14 08:43:54.246root 11241100x80000000000000001740614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5c4fd52e352ab52022-02-14 08:43:54.680root 11241100x80000000000000001740615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b109eadb006338622022-02-14 08:43:54.680root 11241100x80000000000000001740616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188483a19c0290302022-02-14 08:43:54.680root 11241100x80000000000000001740617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a964e2059199b9742022-02-14 08:43:54.681root 11241100x80000000000000001740618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124d59b4f987ad072022-02-14 08:43:54.681root 11241100x80000000000000001740619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceddc591a587be422022-02-14 08:43:54.681root 11241100x80000000000000001740620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e0dea28db5c3462022-02-14 08:43:54.681root 11241100x80000000000000001740621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c08e6d172a5fa962022-02-14 08:43:54.682root 11241100x80000000000000001740622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3bb4559d648c972022-02-14 08:43:54.682root 11241100x80000000000000001740623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d397da6e1e4aec82022-02-14 08:43:54.682root 11241100x80000000000000001740624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed66a5207580802022-02-14 08:43:54.682root 11241100x80000000000000001740625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28125a650274c0a22022-02-14 08:43:54.682root 11241100x80000000000000001740626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e72dc942038a982022-02-14 08:43:54.682root 11241100x80000000000000001740627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecde26778e582232022-02-14 08:43:54.683root 11241100x80000000000000001740628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9666d6d869c3a3212022-02-14 08:43:54.683root 11241100x80000000000000001740629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2651144b7eb4f12022-02-14 08:43:54.683root 11241100x80000000000000001740630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888079a53df3cde32022-02-14 08:43:54.683root 11241100x80000000000000001740631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92705b4563d4c50b2022-02-14 08:43:54.683root 11241100x80000000000000001740632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1469af0008e7debe2022-02-14 08:43:54.685root 11241100x80000000000000001740633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9dd27a3541a6372022-02-14 08:43:54.686root 11241100x80000000000000001740634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989645b99bb025122022-02-14 08:43:54.686root 11241100x80000000000000001740635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd937aca8c16f552022-02-14 08:43:54.686root 11241100x80000000000000001740636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c012a34195a98c9c2022-02-14 08:43:54.686root 11241100x80000000000000001740637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28aba608d72f727c2022-02-14 08:43:54.686root 11241100x80000000000000001740638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb173c52c63b17d2022-02-14 08:43:54.686root 11241100x80000000000000001740639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdebae60029a1872022-02-14 08:43:54.686root 11241100x80000000000000001740640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5def5592a8649402022-02-14 08:43:54.686root 11241100x80000000000000001740641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a0a5ef04a85b542022-02-14 08:43:54.686root 11241100x80000000000000001740642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3967da6f57daff492022-02-14 08:43:54.687root 11241100x80000000000000001740643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21b74a255e1253f2022-02-14 08:43:54.687root 11241100x80000000000000001740644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fa957a1b492c9c2022-02-14 08:43:54.687root 11241100x80000000000000001740645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6918d52e390dad92022-02-14 08:43:54.687root 11241100x80000000000000001740646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689d67b666f6bf702022-02-14 08:43:54.687root 11241100x80000000000000001740647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15c4a963d466ffb2022-02-14 08:43:54.687root 11241100x80000000000000001740648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d165f398887891f62022-02-14 08:43:54.687root 11241100x80000000000000001740649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c5e954cdb48ea2022-02-14 08:43:54.687root 11241100x80000000000000001740650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fa033afb7356ca2022-02-14 08:43:54.687root 11241100x80000000000000001740651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b5eb02a488fab52022-02-14 08:43:54.687root 11241100x80000000000000001740652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00cf1292fa9746b2022-02-14 08:43:55.180root 11241100x80000000000000001740653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7639aefecc6d8a62022-02-14 08:43:55.181root 11241100x80000000000000001740654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43a454f18a0b8ff2022-02-14 08:43:55.181root 11241100x80000000000000001740655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a49e07880d96422022-02-14 08:43:55.181root 11241100x80000000000000001740656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5495ff90f181ea42022-02-14 08:43:55.181root 11241100x80000000000000001740657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906908e1809b2fa92022-02-14 08:43:55.181root 11241100x80000000000000001740658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1902201eddf0352022-02-14 08:43:55.181root 11241100x80000000000000001740659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0041fc0c84641872022-02-14 08:43:55.182root 11241100x80000000000000001740660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a538548d9939972022-02-14 08:43:55.182root 11241100x80000000000000001740661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ffe18daf0c774d2022-02-14 08:43:55.182root 11241100x80000000000000001740662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fa4f1fcc9abefb2022-02-14 08:43:55.182root 11241100x80000000000000001740663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e34d04d58ad3b712022-02-14 08:43:55.182root 11241100x80000000000000001740664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bad9ed5daefed22022-02-14 08:43:55.183root 11241100x80000000000000001740665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387ac2ec88f5222f2022-02-14 08:43:55.183root 11241100x80000000000000001740666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc919d5dd785418f2022-02-14 08:43:55.183root 11241100x80000000000000001740667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4de6049dcbbc0f2022-02-14 08:43:55.183root 11241100x80000000000000001740668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141aee06695c06b32022-02-14 08:43:55.183root 11241100x80000000000000001740669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74879e52e093a8b2022-02-14 08:43:55.183root 11241100x80000000000000001740670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1343c5ff8c15f1472022-02-14 08:43:55.183root 11241100x80000000000000001740671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c03d873d5f7dc72022-02-14 08:43:55.183root 11241100x80000000000000001740672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045521df90401002022-02-14 08:43:55.183root 11241100x80000000000000001740673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b409720ccd72f4f2022-02-14 08:43:55.183root 11241100x80000000000000001740674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640687e27c0ffc852022-02-14 08:43:55.183root 11241100x80000000000000001740675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77267ea1427caf72022-02-14 08:43:55.184root 11241100x80000000000000001740676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112d8efce36d49d42022-02-14 08:43:55.184root 11241100x80000000000000001740677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc821256906c12772022-02-14 08:43:55.184root 11241100x80000000000000001740678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8fcd7b8297789e2022-02-14 08:43:55.184root 11241100x80000000000000001740679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00c6f372c115d822022-02-14 08:43:55.184root 11241100x80000000000000001740680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cee6b49515f5daf2022-02-14 08:43:55.184root 11241100x80000000000000001740681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0260edf3672657722022-02-14 08:43:55.184root 11241100x80000000000000001740682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b008fb59b1ef307e2022-02-14 08:43:55.184root 11241100x80000000000000001740683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7778ca8023b2cf7b2022-02-14 08:43:55.185root 11241100x80000000000000001740684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ba6c1a43f328e2022-02-14 08:43:55.185root 11241100x80000000000000001740685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bde4cc701e4c9c2022-02-14 08:43:55.185root 11241100x80000000000000001740686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800b836a4608ca052022-02-14 08:43:55.680root 11241100x80000000000000001740687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649cb3c8423e261e2022-02-14 08:43:55.681root 11241100x80000000000000001740688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3090b9b1296aa22022-02-14 08:43:55.681root 11241100x80000000000000001740689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105423070991db012022-02-14 08:43:55.681root 11241100x80000000000000001740690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb7bca2f3d09e7a2022-02-14 08:43:55.682root 11241100x80000000000000001740691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb821ae593a88072022-02-14 08:43:55.682root 11241100x80000000000000001740692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f642551fcea007b2022-02-14 08:43:55.682root 11241100x80000000000000001740693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7c45cce3ba72102022-02-14 08:43:55.682root 11241100x80000000000000001740694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1da00893005cc7c2022-02-14 08:43:55.682root 11241100x80000000000000001740695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a2cec6cf05c3cc2022-02-14 08:43:55.682root 11241100x80000000000000001740696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041c14346b7e26f42022-02-14 08:43:55.682root 11241100x80000000000000001740697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaed7afdace211d2022-02-14 08:43:55.682root 11241100x80000000000000001740698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17503868ef25b61a2022-02-14 08:43:55.682root 11241100x80000000000000001740699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09d8f85150b5d162022-02-14 08:43:55.683root 11241100x80000000000000001740700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25c593e8109eb932022-02-14 08:43:55.683root 11241100x80000000000000001740701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ed5c93bc9dbcbc2022-02-14 08:43:55.683root 11241100x80000000000000001740702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfec0669b679f1d2022-02-14 08:43:55.683root 11241100x80000000000000001740703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69319dc2ebf510c2022-02-14 08:43:55.683root 11241100x80000000000000001740704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c319844ff9d7ab452022-02-14 08:43:55.683root 11241100x80000000000000001740705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b7a56cc6175bce2022-02-14 08:43:55.683root 11241100x80000000000000001740706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0db2b18a07210b2022-02-14 08:43:55.683root 11241100x80000000000000001740707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07c060f4fd05d2a2022-02-14 08:43:55.683root 11241100x80000000000000001740708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5d2fb9f10aaa132022-02-14 08:43:55.683root 11241100x80000000000000001740709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051ca66fb86b84b92022-02-14 08:43:55.684root 11241100x80000000000000001740710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609dc01d62982cc82022-02-14 08:43:55.684root 11241100x80000000000000001740711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5f4175078930ed2022-02-14 08:43:55.684root 11241100x80000000000000001740712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397d2df773eae71d2022-02-14 08:43:55.684root 11241100x80000000000000001740713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ee597af3d592e12022-02-14 08:43:55.684root 11241100x80000000000000001740714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d5694cfe9191272022-02-14 08:43:55.684root 11241100x80000000000000001740715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec6e0c13edddfc32022-02-14 08:43:55.684root 11241100x80000000000000001740716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9679447ecc4917582022-02-14 08:43:55.684root 11241100x80000000000000001740717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cf1c6b5a14d9212022-02-14 08:43:55.684root 11241100x80000000000000001740718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96044d02d4ba7d42022-02-14 08:43:55.684root 11241100x80000000000000001740719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c505335d6108b192022-02-14 08:43:55.685root 11241100x80000000000000001740720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf26bd97d91a3ee2022-02-14 08:43:56.180root 11241100x80000000000000001740721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071d8fc03621ac412022-02-14 08:43:56.180root 11241100x80000000000000001740722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9ef4e885ecd2832022-02-14 08:43:56.180root 11241100x80000000000000001740723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fb0d52e699f7052022-02-14 08:43:56.180root 11241100x80000000000000001740724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68738234fcd47a42022-02-14 08:43:56.181root 11241100x80000000000000001740725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a99e28eae05a11d2022-02-14 08:43:56.181root 11241100x80000000000000001740726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4d7894dd9de7d2022-02-14 08:43:56.181root 11241100x80000000000000001740727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e9e81dfcfba2c12022-02-14 08:43:56.181root 11241100x80000000000000001740728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f533dbba0349d702022-02-14 08:43:56.182root 11241100x80000000000000001740729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11edd7ec0a979c02022-02-14 08:43:56.182root 11241100x80000000000000001740730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0327b9c3d38475d12022-02-14 08:43:56.182root 11241100x80000000000000001740731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07af79a70b3777a52022-02-14 08:43:56.182root 11241100x80000000000000001740732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1e796d09b166ff2022-02-14 08:43:56.183root 11241100x80000000000000001740733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d7331c0e52f73b2022-02-14 08:43:56.183root 11241100x80000000000000001740734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303779c030a5fb572022-02-14 08:43:56.183root 11241100x80000000000000001740735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459754fcd7cc84782022-02-14 08:43:56.184root 11241100x80000000000000001740736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d874130d825380a2022-02-14 08:43:56.184root 11241100x80000000000000001740737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8140055603ffe03a2022-02-14 08:43:56.184root 11241100x80000000000000001740738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bc6be51c5805162022-02-14 08:43:56.184root 11241100x80000000000000001740739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b524b99527864892022-02-14 08:43:56.185root 11241100x80000000000000001740740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84c41258cf5e9a02022-02-14 08:43:56.185root 11241100x80000000000000001740741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2fe681fa28c43b2022-02-14 08:43:56.185root 11241100x80000000000000001740742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3192042bc909dfc2022-02-14 08:43:56.186root 11241100x80000000000000001740743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1690d7620296b7c12022-02-14 08:43:56.186root 11241100x80000000000000001740744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b814e807b5cf5b912022-02-14 08:43:56.186root 11241100x80000000000000001740745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dc6414645a6c282022-02-14 08:43:56.186root 11241100x80000000000000001740746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27b5a19264883562022-02-14 08:43:56.187root 11241100x80000000000000001740747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6981659d70bfe12022-02-14 08:43:56.187root 11241100x80000000000000001740748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f4bb68880f37342022-02-14 08:43:56.187root 11241100x80000000000000001740749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397b0bbae9d24b492022-02-14 08:43:56.187root 11241100x80000000000000001740750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b18219c3c45f9aa2022-02-14 08:43:56.188root 11241100x80000000000000001740751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683b368772a941002022-02-14 08:43:56.188root 11241100x80000000000000001740752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b56fc9220d52372022-02-14 08:43:56.188root 11241100x80000000000000001740753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7a0dfc2f4bddaf2022-02-14 08:43:56.188root 11241100x80000000000000001740754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb48bf47dda01b982022-02-14 08:43:56.189root 11241100x80000000000000001740755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccc3b01206523ed2022-02-14 08:43:56.189root 11241100x80000000000000001740756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34010a3fd87579632022-02-14 08:43:56.189root 11241100x80000000000000001740757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6dd3e15f46ce0e2022-02-14 08:43:56.190root 11241100x80000000000000001740758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f3a6a2fb0a9712022-02-14 08:43:56.190root 11241100x80000000000000001740759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274c09aae18029332022-02-14 08:43:56.680root 11241100x80000000000000001740760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eb73f05f324ca12022-02-14 08:43:56.680root 11241100x80000000000000001740761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ddaf61a6af654b2022-02-14 08:43:56.681root 11241100x80000000000000001740762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c83b7cc3fb18d5a2022-02-14 08:43:56.681root 11241100x80000000000000001740763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4ead1163d34d0c2022-02-14 08:43:56.681root 11241100x80000000000000001740764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d709a762fb0ec8512022-02-14 08:43:56.681root 11241100x80000000000000001740765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7dc8eb89e642102022-02-14 08:43:56.682root 11241100x80000000000000001740766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac128e68b1c6ad62022-02-14 08:43:56.682root 11241100x80000000000000001740767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46938855fe6102f22022-02-14 08:43:56.682root 11241100x80000000000000001740768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12630e4c18ad0df52022-02-14 08:43:56.682root 11241100x80000000000000001740769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3df35f9d73eb1572022-02-14 08:43:56.682root 11241100x80000000000000001740770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896b43aa3a0e6cba2022-02-14 08:43:56.682root 11241100x80000000000000001740771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111775e12f56760e2022-02-14 08:43:56.682root 11241100x80000000000000001740772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25742acd9cc57a8e2022-02-14 08:43:56.683root 11241100x80000000000000001740773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d0c940fde774f32022-02-14 08:43:56.683root 11241100x80000000000000001740774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da49b89e03bb3b4c2022-02-14 08:43:56.683root 11241100x80000000000000001740775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11564adcb8d05aa22022-02-14 08:43:56.683root 11241100x80000000000000001740776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4268454b36f6db0c2022-02-14 08:43:56.683root 11241100x80000000000000001740777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd1fe599172e0612022-02-14 08:43:56.683root 11241100x80000000000000001740778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d464caa6d5f5322022-02-14 08:43:56.683root 11241100x80000000000000001740779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f36e073026c2f282022-02-14 08:43:56.683root 11241100x80000000000000001740780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c97c41cf4d2955f2022-02-14 08:43:56.683root 11241100x80000000000000001740781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7b896b114425672022-02-14 08:43:56.683root 11241100x80000000000000001740782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485d3465e24124a2022-02-14 08:43:56.684root 11241100x80000000000000001740783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b37508aaa3f2172022-02-14 08:43:56.684root 11241100x80000000000000001740784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6597558d9bf3b22022-02-14 08:43:56.684root 11241100x80000000000000001740785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab97476d5d1fe0ed2022-02-14 08:43:56.684root 11241100x80000000000000001740786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38aa00d6ff0e36c22022-02-14 08:43:56.684root 11241100x80000000000000001740787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549ed529d2bfe9c62022-02-14 08:43:56.684root 11241100x80000000000000001740788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebb32d959903faa2022-02-14 08:43:56.684root 11241100x80000000000000001740789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d965e2c4c95c2f612022-02-14 08:43:56.684root 11241100x80000000000000001740790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feee6a10063af2bd2022-02-14 08:43:56.684root 11241100x80000000000000001740791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1085a030ab1e7e82022-02-14 08:43:56.685root 11241100x80000000000000001740792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f3b715a1f486be2022-02-14 08:43:56.685root 11241100x80000000000000001740793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6f743e7f68a4d02022-02-14 08:43:56.686root 11241100x80000000000000001740794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc4ed626df441c2022-02-14 08:43:56.686root 11241100x80000000000000001740795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5204d4f802ce1e052022-02-14 08:43:57.180root 11241100x80000000000000001740796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672a8aa7625998342022-02-14 08:43:57.180root 11241100x80000000000000001740797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e77a738d1e750b2022-02-14 08:43:57.181root 11241100x80000000000000001740798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49405921980ae3cf2022-02-14 08:43:57.181root 11241100x80000000000000001740799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8038254715d4db1f2022-02-14 08:43:57.181root 11241100x80000000000000001740800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62a68f2d5f9a1492022-02-14 08:43:57.181root 11241100x80000000000000001740801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f13b391e468223c2022-02-14 08:43:57.181root 11241100x80000000000000001740802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1655c329096dfc82022-02-14 08:43:57.181root 11241100x80000000000000001740803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a9e5ddbcccb3882022-02-14 08:43:57.181root 11241100x80000000000000001740804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3799719e54bb94072022-02-14 08:43:57.182root 11241100x80000000000000001740805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b5af6b21d86f9d2022-02-14 08:43:57.182root 11241100x80000000000000001740806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d597a540feff38fb2022-02-14 08:43:57.182root 11241100x80000000000000001740807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d295c4477addfb962022-02-14 08:43:57.182root 11241100x80000000000000001740808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b488f08f4fbef7402022-02-14 08:43:57.182root 11241100x80000000000000001740809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839cd841579348632022-02-14 08:43:57.183root 11241100x80000000000000001740810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dc149c9ee971222022-02-14 08:43:57.183root 11241100x80000000000000001740811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d269b875878e2572022-02-14 08:43:57.183root 11241100x80000000000000001740812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c31f34636e8c32022-02-14 08:43:57.183root 11241100x80000000000000001740813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aff5b35a004faa32022-02-14 08:43:57.183root 11241100x80000000000000001740814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbdbed32ac9ff622022-02-14 08:43:57.184root 11241100x80000000000000001740815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd53d21a1b2b40862022-02-14 08:43:57.184root 11241100x80000000000000001740816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29d719c6ac347832022-02-14 08:43:57.184root 11241100x80000000000000001740817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6d88d50c4680de2022-02-14 08:43:57.185root 11241100x80000000000000001740818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba564808a9e3cd42022-02-14 08:43:57.186root 11241100x80000000000000001740819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc1a98bbbcd78b12022-02-14 08:43:57.186root 11241100x80000000000000001740820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130b99696301b0fe2022-02-14 08:43:57.186root 11241100x80000000000000001740821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c4de53cf9f77dd2022-02-14 08:43:57.186root 11241100x80000000000000001740822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c321c4f03207ddf2022-02-14 08:43:57.187root 11241100x80000000000000001740823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c588c251e37a8032022-02-14 08:43:57.187root 11241100x80000000000000001740824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cf4be5f294f62d2022-02-14 08:43:57.187root 11241100x80000000000000001740825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b1c4014ba0fb692022-02-14 08:43:57.187root 11241100x80000000000000001740826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6545050e9428c2b2022-02-14 08:43:57.187root 11241100x80000000000000001740827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d366be5705553732022-02-14 08:43:57.187root 11241100x80000000000000001740828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394faa6204e69d032022-02-14 08:43:57.188root 11241100x80000000000000001740829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ad52683f2a0cc02022-02-14 08:43:57.681root 11241100x80000000000000001740830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec480ba8cee3e3162022-02-14 08:43:57.681root 11241100x80000000000000001740831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7417b08b18bc58532022-02-14 08:43:57.681root 11241100x80000000000000001740832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61c550709f710432022-02-14 08:43:57.682root 11241100x80000000000000001740833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8484042b656a6d3f2022-02-14 08:43:57.682root 11241100x80000000000000001740834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbb62678fe5e62b2022-02-14 08:43:57.682root 11241100x80000000000000001740835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065c8ff89f71ecc52022-02-14 08:43:57.682root 11241100x80000000000000001740836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb655057b873a81c2022-02-14 08:43:57.682root 11241100x80000000000000001740837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef5e0da93d613e52022-02-14 08:43:57.682root 11241100x80000000000000001740838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99d3e037883ec5c2022-02-14 08:43:57.682root 11241100x80000000000000001740839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74774e2014cbcb6e2022-02-14 08:43:57.682root 11241100x80000000000000001740840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d6a3d1e1c315302022-02-14 08:43:57.682root 11241100x80000000000000001740841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee934a06659fe4e2022-02-14 08:43:57.683root 11241100x80000000000000001740842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7551760b5dae87e02022-02-14 08:43:57.683root 11241100x80000000000000001740843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669bd2ee33f8431e2022-02-14 08:43:57.683root 11241100x80000000000000001740844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85dd3b2086fa3af2022-02-14 08:43:57.683root 11241100x80000000000000001740845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae50b78d5f324a52022-02-14 08:43:57.683root 11241100x80000000000000001740846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff924caf4b8ef3fd2022-02-14 08:43:57.683root 11241100x80000000000000001740847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503eeb1bf60c0cb52022-02-14 08:43:57.683root 11241100x80000000000000001740848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8411023b331b01f22022-02-14 08:43:57.683root 11241100x80000000000000001740849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beae4a6283b118d2022-02-14 08:43:57.683root 11241100x80000000000000001740850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048967c131e5e9262022-02-14 08:43:57.683root 11241100x80000000000000001740851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca72a6d84e55b322022-02-14 08:43:57.683root 11241100x80000000000000001740852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeaf8293807438f2022-02-14 08:43:57.684root 11241100x80000000000000001740853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3f4c40f2574f7c2022-02-14 08:43:57.684root 11241100x80000000000000001740854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a66a1798e00bb352022-02-14 08:43:57.684root 11241100x80000000000000001740855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905d3c80a7dcf8ee2022-02-14 08:43:57.684root 11241100x80000000000000001740856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3f5bb3b7020b182022-02-14 08:43:57.684root 11241100x80000000000000001740857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f455d705e8bd74f2022-02-14 08:43:57.684root 11241100x80000000000000001740858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835d42e8c7febca22022-02-14 08:43:57.684root 11241100x80000000000000001740859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a04e373946a6f82022-02-14 08:43:57.684root 11241100x80000000000000001740860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4283aaea81b4e7da2022-02-14 08:43:57.684root 11241100x80000000000000001740861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab013be0c0d81ea2022-02-14 08:43:57.684root 11241100x80000000000000001740862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eb3b8fcacb427c2022-02-14 08:43:57.684root 11241100x80000000000000001740863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2bae7b50628f822022-02-14 08:43:58.180root 11241100x80000000000000001740864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9a7d39d49c72c52022-02-14 08:43:58.180root 11241100x80000000000000001740865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d63d34536126732022-02-14 08:43:58.180root 11241100x80000000000000001740866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef28c63853e0dd82022-02-14 08:43:58.181root 11241100x80000000000000001740867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278a6cf067ecdf0d2022-02-14 08:43:58.181root 11241100x80000000000000001740868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eb0fe1d5f7df302022-02-14 08:43:58.181root 11241100x80000000000000001740869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538037749e29ebed2022-02-14 08:43:58.181root 11241100x80000000000000001740870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4450eebd1cfc6c5c2022-02-14 08:43:58.181root 11241100x80000000000000001740871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9389fd2f2ff52d2022-02-14 08:43:58.181root 11241100x80000000000000001740872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec1e562ff9bf3c42022-02-14 08:43:58.182root 11241100x80000000000000001740873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c468b782567acb1f2022-02-14 08:43:58.182root 11241100x80000000000000001740874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754e800cc090a1162022-02-14 08:43:58.182root 11241100x80000000000000001740875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ec2dc4a8fc51ab2022-02-14 08:43:58.182root 11241100x80000000000000001740876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227640a483c4c6d92022-02-14 08:43:58.182root 11241100x80000000000000001740877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920a85d30082ff882022-02-14 08:43:58.182root 11241100x80000000000000001740878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb55d2aab86560782022-02-14 08:43:58.182root 11241100x80000000000000001740879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5079778459945a3c2022-02-14 08:43:58.183root 11241100x80000000000000001740880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4571002bae4b11da2022-02-14 08:43:58.183root 11241100x80000000000000001740881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31539cb9f53ea3b2022-02-14 08:43:58.183root 11241100x80000000000000001740882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11a4a751c3145912022-02-14 08:43:58.183root 11241100x80000000000000001740883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcd1dabe575f4d42022-02-14 08:43:58.183root 11241100x80000000000000001740884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d339e8b9e2c59b242022-02-14 08:43:58.183root 11241100x80000000000000001740885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1619a0ebe8700e2022-02-14 08:43:58.184root 11241100x80000000000000001740886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaf0919987cd0c62022-02-14 08:43:58.184root 11241100x80000000000000001740887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bd7ff0e873e1292022-02-14 08:43:58.184root 11241100x80000000000000001740888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3909c6a6107fbc62022-02-14 08:43:58.184root 11241100x80000000000000001740889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104455d56fbb88502022-02-14 08:43:58.184root 11241100x80000000000000001740890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5dd19dc08cd8582022-02-14 08:43:58.184root 11241100x80000000000000001740891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d62da3b0f3203a92022-02-14 08:43:58.184root 11241100x80000000000000001740892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db077bb8b05944022022-02-14 08:43:58.184root 11241100x80000000000000001740893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907f737960ee0fda2022-02-14 08:43:58.184root 11241100x80000000000000001740894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3899f4f67cd249da2022-02-14 08:43:58.184root 11241100x80000000000000001740895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f096bc5f408f08052022-02-14 08:43:58.185root 11241100x80000000000000001740896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308256ef943426192022-02-14 08:43:58.185root 11241100x80000000000000001740897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1bd06a510f686f2022-02-14 08:43:58.679root 11241100x80000000000000001740898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15779afd9e8031492022-02-14 08:43:58.680root 11241100x80000000000000001740899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e35822738c93a62022-02-14 08:43:58.680root 11241100x80000000000000001740900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a9a56e9474d0302022-02-14 08:43:58.680root 11241100x80000000000000001740901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fc96523c5e95952022-02-14 08:43:58.680root 11241100x80000000000000001740902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9476f5b4450c872022-02-14 08:43:58.680root 11241100x80000000000000001740903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ba69edab5856df2022-02-14 08:43:58.680root 11241100x80000000000000001740904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cb54918786770b2022-02-14 08:43:58.680root 11241100x80000000000000001740905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84710ceaba739942022-02-14 08:43:58.680root 11241100x80000000000000001740906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552a63f7c95b68472022-02-14 08:43:58.681root 11241100x80000000000000001740907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f052eb4bb20457f2022-02-14 08:43:58.681root 11241100x80000000000000001740908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c038fe08a0aa9c902022-02-14 08:43:58.681root 11241100x80000000000000001740909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f2804e368814052022-02-14 08:43:58.681root 11241100x80000000000000001740910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844fb0d0c0788f782022-02-14 08:43:58.681root 11241100x80000000000000001740911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa3eca694659e8d2022-02-14 08:43:58.681root 11241100x80000000000000001740912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517fa600a3b2909a2022-02-14 08:43:58.681root 11241100x80000000000000001740913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a2f05cdccb2a282022-02-14 08:43:58.681root 11241100x80000000000000001740914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd686daaddf63432022-02-14 08:43:58.681root 11241100x80000000000000001740915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc64a3f0967d307e2022-02-14 08:43:58.682root 11241100x80000000000000001740916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5694555105912a2022-02-14 08:43:58.682root 11241100x80000000000000001740917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a07c33bae23aed2022-02-14 08:43:58.682root 11241100x80000000000000001740918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d081e8c141d9072022-02-14 08:43:58.682root 11241100x80000000000000001740919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b0ffb2301a8eac2022-02-14 08:43:58.682root 11241100x80000000000000001740920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2732e380668abc372022-02-14 08:43:58.683root 11241100x80000000000000001740921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3068d3b47dd16f1e2022-02-14 08:43:58.683root 11241100x80000000000000001740922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2c201aa0c1a6af2022-02-14 08:43:58.683root 11241100x80000000000000001740923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bd2df686c908852022-02-14 08:43:58.683root 11241100x80000000000000001740924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70210252a8969962022-02-14 08:43:58.684root 11241100x80000000000000001740925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d46dab17284a2a2022-02-14 08:43:58.684root 11241100x80000000000000001740926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1fe87c133fa25e2022-02-14 08:43:58.684root 11241100x80000000000000001740927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c58bf3848f88392022-02-14 08:43:58.684root 11241100x80000000000000001740928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8368036d541a0522022-02-14 08:43:58.684root 11241100x80000000000000001740929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7e590391bfd2682022-02-14 08:43:58.685root 11241100x80000000000000001740930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f7fe5cd48e0ac02022-02-14 08:43:58.685root 11241100x80000000000000001740931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dbe38e8b7e6b302022-02-14 08:43:58.685root 11241100x80000000000000001740932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3a580f210306932022-02-14 08:43:58.685root 11241100x80000000000000001740933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264fbef6bc653eaa2022-02-14 08:43:58.685root 11241100x80000000000000001740934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ec12773dfcc8ce2022-02-14 08:43:58.686root 11241100x80000000000000001740935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d64830e49b206e2022-02-14 08:43:58.686root 11241100x80000000000000001740936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d9a1078d1c7a272022-02-14 08:43:58.686root 11241100x80000000000000001740937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3b5b1281e989392022-02-14 08:43:58.686root 11241100x80000000000000001740938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9207cc38ab0e0ce62022-02-14 08:43:58.686root 11241100x80000000000000001740939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0470037c6bd9c12022-02-14 08:43:58.687root 11241100x80000000000000001740940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c515333dd47402022-02-14 08:43:59.180root 11241100x80000000000000001740941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d58e08d899fede2022-02-14 08:43:59.180root 11241100x80000000000000001740942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef172c7660961772022-02-14 08:43:59.181root 11241100x80000000000000001740943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527df4eeba8f55982022-02-14 08:43:59.181root 11241100x80000000000000001740944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62752fa9eb12af3b2022-02-14 08:43:59.181root 11241100x80000000000000001740945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18726ae086eaa0d22022-02-14 08:43:59.181root 11241100x80000000000000001740946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a2381aeb34f3992022-02-14 08:43:59.181root 11241100x80000000000000001740947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507b1d8399c22fc02022-02-14 08:43:59.182root 11241100x80000000000000001740948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bef635b24a21a62022-02-14 08:43:59.182root 11241100x80000000000000001740949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65525b696bd1cec82022-02-14 08:43:59.182root 11241100x80000000000000001740950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c222baefaa7befc42022-02-14 08:43:59.182root 11241100x80000000000000001740951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671b197fbb15cf432022-02-14 08:43:59.182root 11241100x80000000000000001740952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5143482e01640e502022-02-14 08:43:59.182root 11241100x80000000000000001740953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386e985a86f11b992022-02-14 08:43:59.182root 11241100x80000000000000001740954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7841618f49741fac2022-02-14 08:43:59.182root 11241100x80000000000000001740955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145d533758b1ecb82022-02-14 08:43:59.182root 11241100x80000000000000001740956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1152674d0fe532b52022-02-14 08:43:59.182root 11241100x80000000000000001740957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cdb773582010a02022-02-14 08:43:59.182root 11241100x80000000000000001740958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78cc3f3ffb626572022-02-14 08:43:59.182root 11241100x80000000000000001740959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9f5dfaafb486b32022-02-14 08:43:59.183root 11241100x80000000000000001740960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d16e0157eeaf29f2022-02-14 08:43:59.183root 11241100x80000000000000001740961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e1a9635bbc8d912022-02-14 08:43:59.183root 11241100x80000000000000001740962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2521d371c947892022-02-14 08:43:59.183root 11241100x80000000000000001740963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe005c161237c52022-02-14 08:43:59.183root 11241100x80000000000000001740964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061809d42be132632022-02-14 08:43:59.183root 11241100x80000000000000001740965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaed5dd0df7349cf2022-02-14 08:43:59.183root 11241100x80000000000000001740966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c662b3d50a9fa2f32022-02-14 08:43:59.183root 11241100x80000000000000001740967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f85c819642fbcd2022-02-14 08:43:59.183root 11241100x80000000000000001740968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d84ee9ea22d702022-02-14 08:43:59.183root 11241100x80000000000000001740969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2df9c41d009d3d2022-02-14 08:43:59.183root 11241100x80000000000000001740970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12a42a25e5a02982022-02-14 08:43:59.183root 11241100x80000000000000001740971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716fad5d8b840d292022-02-14 08:43:59.184root 11241100x80000000000000001740972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb017a872581f512022-02-14 08:43:59.184root 11241100x80000000000000001740973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bea2a9d9697684f2022-02-14 08:43:59.184root 11241100x80000000000000001740974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ace212419fb4402022-02-14 08:43:59.184root 11241100x80000000000000001740975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f08a944cb7cfc32022-02-14 08:43:59.184root 11241100x80000000000000001740976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab915ae9b333efd2022-02-14 08:43:59.184root 11241100x80000000000000001740977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f76f1ea1f2e1742022-02-14 08:43:59.184root 11241100x80000000000000001740978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dcd75cbb3e5cef2022-02-14 08:43:59.184root 11241100x80000000000000001740979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67dd4c8fcf9513b2022-02-14 08:43:59.680root 11241100x80000000000000001740980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317b197b3d3c153d2022-02-14 08:43:59.680root 11241100x80000000000000001740981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3cb4e2f6cbd9b12022-02-14 08:43:59.680root 11241100x80000000000000001740982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b01f19f4f537cd62022-02-14 08:43:59.680root 11241100x80000000000000001740983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f4f374bfc42aff2022-02-14 08:43:59.680root 11241100x80000000000000001740984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff102acdb1115e252022-02-14 08:43:59.680root 11241100x80000000000000001740985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8180bb5eb085152022-02-14 08:43:59.680root 11241100x80000000000000001740986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c4d14c3e7c55342022-02-14 08:43:59.681root 11241100x80000000000000001740987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b4dfedb93775b82022-02-14 08:43:59.681root 11241100x80000000000000001740988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5100f818b771c92022-02-14 08:43:59.681root 11241100x80000000000000001740989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996ee938983fccbd2022-02-14 08:43:59.681root 11241100x80000000000000001740990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a25cb49bdf1f1382022-02-14 08:43:59.681root 11241100x80000000000000001740991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ab13a512d7736f2022-02-14 08:43:59.681root 11241100x80000000000000001740992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2e50ed71fd87b02022-02-14 08:43:59.681root 11241100x80000000000000001740993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c0a704a23bf8b92022-02-14 08:43:59.682root 11241100x80000000000000001740994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c93a7a2106266d2022-02-14 08:43:59.682root 11241100x80000000000000001740995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bdbe415792aa1e2022-02-14 08:43:59.682root 11241100x80000000000000001740996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5817e8b9961c4ff42022-02-14 08:43:59.682root 11241100x80000000000000001740997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0ff7f523c46aa92022-02-14 08:43:59.682root 11241100x80000000000000001740998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f71473e52f70bf2022-02-14 08:43:59.682root 11241100x80000000000000001740999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6035b3e46021e4232022-02-14 08:43:59.682root 11241100x80000000000000001741000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c421c4835722285f2022-02-14 08:43:59.682root 11241100x80000000000000001741001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1e69c757c524ab2022-02-14 08:43:59.682root 11241100x80000000000000001741002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07499a91b83364a2022-02-14 08:43:59.682root 11241100x80000000000000001741003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f883b1a970cbac32022-02-14 08:43:59.682root 11241100x80000000000000001741004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1979d663a3bf9d2022-02-14 08:43:59.682root 11241100x80000000000000001741005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edaea7410d6f7072022-02-14 08:43:59.682root 11241100x80000000000000001741006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ebb5365e20e9252022-02-14 08:43:59.682root 11241100x80000000000000001741007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52313e00bde8d9a32022-02-14 08:43:59.682root 11241100x80000000000000001741008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6886fccd8e8813d12022-02-14 08:43:59.683root 11241100x80000000000000001741009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9e0c5ffd0049b62022-02-14 08:43:59.683root 11241100x80000000000000001741010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32c315bd52b41582022-02-14 08:43:59.683root 11241100x80000000000000001741011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f0d3c8a8c967952022-02-14 08:43:59.683root 11241100x80000000000000001741012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3e633913fe76842022-02-14 08:43:59.683root 11241100x80000000000000001741013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43f85e952e103752022-02-14 08:43:59.683root 11241100x80000000000000001741014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ba7cf320b1acbc2022-02-14 08:43:59.683root 11241100x80000000000000001741015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048bdd9bb877022c2022-02-14 08:43:59.683root 11241100x80000000000000001741016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791fdcda374388672022-02-14 08:43:59.683root 11241100x80000000000000001741017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e43ad650e307ba82022-02-14 08:43:59.683root 11241100x80000000000000001741018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23696bd7e5d51bd2022-02-14 08:43:59.683root 11241100x80000000000000001741019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de993ed5ba5fdc72022-02-14 08:43:59.683root 11241100x80000000000000001741020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a31ad8f0a9958a2022-02-14 08:43:59.683root 11241100x80000000000000001741021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f97e410f75dad3c2022-02-14 08:43:59.684root 11241100x80000000000000001741022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae070b1498d5dc32022-02-14 08:43:59.684root 11241100x80000000000000001741023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d955695a0caff792022-02-14 08:43:59.684root 11241100x80000000000000001741024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863647a9c76469772022-02-14 08:43:59.684root 11241100x80000000000000001741025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae7b95627aa13402022-02-14 08:43:59.684root 11241100x80000000000000001741026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d46af53a13f2b742022-02-14 08:43:59.684root 354300x80000000000000001741027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.146{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51476-false10.0.1.12-8000- 11241100x80000000000000001741028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0be759b638dee92022-02-14 08:44:00.147root 11241100x80000000000000001741029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f208975acb9da3d42022-02-14 08:44:00.147root 11241100x80000000000000001741030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce2e3c16d03dd692022-02-14 08:44:00.147root 11241100x80000000000000001741031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70939b553060c8e2022-02-14 08:44:00.147root 11241100x80000000000000001741032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dbab68699ac3f02022-02-14 08:44:00.147root 11241100x80000000000000001741033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97e66abe96608ea2022-02-14 08:44:00.147root 11241100x80000000000000001741034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e04cbfe72128ab2022-02-14 08:44:00.147root 11241100x80000000000000001741035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9891d92afb9faef02022-02-14 08:44:00.147root 11241100x80000000000000001741036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4bb2771366a5292022-02-14 08:44:00.147root 11241100x80000000000000001741037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1902c6baee4e6c8c2022-02-14 08:44:00.148root 11241100x80000000000000001741038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c98dc5e28316d12022-02-14 08:44:00.148root 11241100x80000000000000001741039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092dcc4dfa8a58492022-02-14 08:44:00.148root 11241100x80000000000000001741040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9248f835684287a42022-02-14 08:44:00.148root 11241100x80000000000000001741041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec054ed7baf6ec82022-02-14 08:44:00.148root 11241100x80000000000000001741042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74bcbe7c7104c612022-02-14 08:44:00.148root 11241100x80000000000000001741043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cff53ed7f84004c2022-02-14 08:44:00.148root 11241100x80000000000000001741044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033c883ab33d3fa62022-02-14 08:44:00.148root 11241100x80000000000000001741045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff0061c56fab28c2022-02-14 08:44:00.149root 11241100x80000000000000001741046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b435fc090836afb22022-02-14 08:44:00.149root 11241100x80000000000000001741047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d18918260407852022-02-14 08:44:00.149root 11241100x80000000000000001741048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5686aa4fc54d95082022-02-14 08:44:00.149root 11241100x80000000000000001741049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1627e8ef8a8aeeef2022-02-14 08:44:00.151root 11241100x80000000000000001741050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1c7ed79cbd9ca2022-02-14 08:44:00.151root 11241100x80000000000000001741051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c0fe4f53a3ff3d2022-02-14 08:44:00.151root 11241100x80000000000000001741052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f22e35ef7bd4bbc2022-02-14 08:44:00.151root 11241100x80000000000000001741053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f19146bcdcf05e2022-02-14 08:44:00.153root 11241100x80000000000000001741054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75404c35dc3d89112022-02-14 08:44:00.153root 11241100x80000000000000001741055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d49782771286072022-02-14 08:44:00.153root 11241100x80000000000000001741056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4482f66bd55a702e2022-02-14 08:44:00.153root 11241100x80000000000000001741057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c244112494a4d2022-02-14 08:44:00.153root 11241100x80000000000000001741058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58f9ad50e80270d2022-02-14 08:44:00.154root 11241100x80000000000000001741059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f5a07d66b8d592022-02-14 08:44:00.154root 11241100x80000000000000001741060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ee2eb89a0106242022-02-14 08:44:00.154root 11241100x80000000000000001741061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b462f8955e490482022-02-14 08:44:00.154root 11241100x80000000000000001741062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac46574e77a31f4f2022-02-14 08:44:00.154root 11241100x80000000000000001741063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a12e3d5500af252022-02-14 08:44:00.154root 11241100x80000000000000001741064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9824cb1fa0b777c72022-02-14 08:44:00.155root 11241100x80000000000000001741065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83daa0069fb498ec2022-02-14 08:44:00.155root 11241100x80000000000000001741066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccde77344356e6c2022-02-14 08:44:00.155root 11241100x80000000000000001741067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cb990ea469081a2022-02-14 08:44:00.155root 11241100x80000000000000001741068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca97525eab44e52022-02-14 08:44:00.155root 11241100x80000000000000001741069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f959e1836eb751e2022-02-14 08:44:00.155root 11241100x80000000000000001741070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.156{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89413132d16ce442022-02-14 08:44:00.156root 11241100x80000000000000001741071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.156{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bc385136bb91352022-02-14 08:44:00.156root 11241100x80000000000000001741072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a68d50507bc3012022-02-14 08:44:00.157root 11241100x80000000000000001741073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a444d3a9b6b5402022-02-14 08:44:00.157root 11241100x80000000000000001741074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c33b6e77c2cd2442022-02-14 08:44:00.157root 11241100x80000000000000001741075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b02bbe4fd222022022-02-14 08:44:00.157root 11241100x80000000000000001741076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5e92f231e34c332022-02-14 08:44:00.157root 11241100x80000000000000001741077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574135a7395b87db2022-02-14 08:44:00.157root 11241100x80000000000000001741078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc3d936925a0b9c2022-02-14 08:44:00.158root 11241100x80000000000000001741079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8692dec523d270c62022-02-14 08:44:00.158root 11241100x80000000000000001741080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84855ebd3f8408942022-02-14 08:44:00.158root 11241100x80000000000000001741081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105a0deb4bfb4dbc2022-02-14 08:44:00.158root 11241100x80000000000000001741082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5922063c1b4a882022-02-14 08:44:00.158root 11241100x80000000000000001741083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a1cb2e4efea3072022-02-14 08:44:00.430root 11241100x80000000000000001741084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbfd3e388e70cfd2022-02-14 08:44:00.430root 11241100x80000000000000001741085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfcb5c277712b6c2022-02-14 08:44:00.431root 11241100x80000000000000001741086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cfd2800e9db8882022-02-14 08:44:00.431root 11241100x80000000000000001741087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c973acda1d3ec2e2022-02-14 08:44:00.431root 11241100x80000000000000001741088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412716efc30d5bea2022-02-14 08:44:00.431root 11241100x80000000000000001741089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b18aadf00d2d7f2022-02-14 08:44:00.431root 11241100x80000000000000001741090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fc010ff41d31eb2022-02-14 08:44:00.431root 11241100x80000000000000001741091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b413abdb73bf6442022-02-14 08:44:00.431root 11241100x80000000000000001741092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe50bad4c1fa3802022-02-14 08:44:00.431root 11241100x80000000000000001741093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85619db43b4fd5d32022-02-14 08:44:00.431root 11241100x80000000000000001741094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb38dceeb7c68e122022-02-14 08:44:00.431root 11241100x80000000000000001741095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6dd9a3ace5fc272022-02-14 08:44:00.432root 11241100x80000000000000001741096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff33843010272db22022-02-14 08:44:00.432root 11241100x80000000000000001741097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14b0f9abe827ee62022-02-14 08:44:00.432root 11241100x80000000000000001741098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600386a4473ad5212022-02-14 08:44:00.433root 11241100x80000000000000001741099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422bd4fb3a1e4f582022-02-14 08:44:00.433root 11241100x80000000000000001741100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a5bc8b672444c32022-02-14 08:44:00.433root 11241100x80000000000000001741101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea357b51647381e2022-02-14 08:44:00.433root 11241100x80000000000000001741102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010cc809cf7a53972022-02-14 08:44:00.433root 11241100x80000000000000001741103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a248816233587b622022-02-14 08:44:00.433root 11241100x80000000000000001741104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964bca80932e1f162022-02-14 08:44:00.433root 11241100x80000000000000001741105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d58ef55081cfc72022-02-14 08:44:00.433root 11241100x80000000000000001741106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14b3c83aae1d5162022-02-14 08:44:00.433root 11241100x80000000000000001741107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3301a92a057599b2022-02-14 08:44:00.434root 11241100x80000000000000001741108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ceb869cf3fbd642022-02-14 08:44:00.434root 11241100x80000000000000001741109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6996e1e1cd738a2022-02-14 08:44:00.434root 11241100x80000000000000001741110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb4d66860c6a60c2022-02-14 08:44:00.435root 11241100x80000000000000001741111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f59d52819ca5be2022-02-14 08:44:00.441root 11241100x80000000000000001741112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ab4f5864b565202022-02-14 08:44:00.441root 11241100x80000000000000001741113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b23c9eaeb7d20b32022-02-14 08:44:00.442root 11241100x80000000000000001741114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30468a33a51f58342022-02-14 08:44:00.442root 11241100x80000000000000001741115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-